OpenBSD is hardened out of the box ("secure by default"). So you're probably wasting time and effort.
http://www.openbsd.org/security.html
Have a look at kern.securelevel. but if you up it from the default without understanding what you're doing and why, you're only going to cause yourself unnecessary grief.
Yes direct root login is dangerous and unnecessary, but on a single user desktop outside of a production/enterprise environment, it's not really an issue. Use sudo(8) (or doas(1) for -current or 5.8-release) if you prefer.
If you don't need sshd, disable it in /etc/rc.conf.local, if you do then it should already be configured properly "out of the box" (rather than allowing root login by default as is the case with some OS).
http://www.openbsd.org/openssh/faq.html
If you're building ports, don't do the whole build as root, add your user to the wsrc group and set up sudo.
http://www.openbsd.org/faq/faq15.html#PortsConfig (and set up a read only ports tree).
Better still: use binary packages, as there isn't likely to be any advantage to building ports yourself (unless you're running -stable?).