The 15 day expiration on the login is a problem. I just lost work because of it. I had been editing a post. I did a "Preview". My fifteen days of login expired and WordPress forced me to log in again. When I got back to the post I had been editing my changes were lost. They weren't in the autosave. The weren't in the current version.
I am in a secure secret concrete bunker location on a mountain top out in the middle of nowhere surrounded by a dozen highly trained canines, 300 attack pigs and two needle nosed humming birds all surrounded by high voltage electric fencing. Nobody is going to come use my computer without my permission. It is not necessary to force logout on my computer at an arbitrary 15 day period. This is heavy handed false security, not real security.
I should not have to hack the WordPress code to change it - which requires rehacking every update. The timeout count for the login expiration should be under user control in the settings for WordPress.
Please add a user setting allowing control over the timeout.