@HighTide2020
Last active January 12, 2021 19:27
new login URLs for wp admin & wp login
# part 3
RewriteRule ^adminLoginUrl/(.*) wp-admin/$1?%{QUERY_STRING} [L]
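<?php
// more aggressive way to reroute login url pt.1
// Rewrite the first "wp-admin" in URLs generated by site_url() to the custom
// admin directory. WP_ADMIN_DIR must already be defined in wp-config.php.
add_filter( 'site_url', 'wpadmin_filter', 10, 3 );
function wpadmin_filter( $url, $path, $orig_scheme ) {
    $old       = array( '/(wp-admin)/' );
    $admin_dir = WP_ADMIN_DIR;
    $new       = array( $admin_dir );
    return preg_replace( $old, $new, $url, 1 );
}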
//add this 2nd
<?php
// this is how wordpress.org says it can be done.
if ( ! is_user_logged_in() ) { // Display WordPress login form:
    $args = array(
        'redirect'       => admin_url(),
        'form_id'        => 'loginform-custom',
        'label_username' => __( 'Username custom text' ),
        'label_password' => __( 'Password custom text' ),
        'label_remember' => __( 'Remember Me custom text' ),
        'label_log_in'   => __( 'Log In custom text' ),
        'remember'       => true
    );
    wp_login_form( $args );
} else { // If logged in:
    wp_loginout( home_url() ); // Display "Log Out" link.
    echo " | ";
    wp_register( '', '' ); // Display "Site Admin" link.
}
?>
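<?php
// Runs while the login form is rendered: if the visitor arrived with a
// redirect_to parameter pointing at wp-admin, send them to the 404 page.
add_action( 'login_form', 'redirect_wp_admin' );
function redirect_wp_admin() {
    $redirect_to = $_SERVER['REQUEST_URI'];
    if ( count( $_REQUEST ) > 0 && array_key_exists( 'redirect_to', $_REQUEST ) ) {
        $redirect_to    = $_REQUEST['redirect_to'];
        $check_wp_admin = stristr( $redirect_to, 'wp-admin' );
        if ( $check_wp_admin ) {
            wp_safe_redirect( '404.php' );
            exit; // wp_safe_redirect() does not stop execution on its own
        }
    }
}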
<?php
// depending on how your functions.php file is laid out, both part 4 & part 5 live in there; just adding in the correct sequence.
add_action( 'init', 'force_404', 1 );
function force_404() {
    $requested_uri = $_SERVER["REQUEST_URI"];
    if ( strpos( $requested_uri, '/wp-login.php' ) !== false ) {
        // Answer with the theme's 404 template instead of the login page
        status_header( 404 );
        nocache_headers();
        include( get_query_template( '404' ) );
        die();
    }
}
<?php
// more aggressive way to reroute login url pt.1
define( 'WP_ADMIN_DIR', 'adminLoginUrl' );
define( 'ADMIN_COOKIE_PATH', SITECOOKIEPATH . WP_ADMIN_DIR );
?>
@HighTide2020
Author

How to restrict the default wp-admin or Admin login URL to secure it against hackers. One of the most common types of hacking on WordPress is a brute force attack. In this kind of attack, a hacker attempts to try various permutations & combinations of usernames & passwords to get inside of your WordPress blog. Especially when we all know that the common WordPress admin URL is wp-admin, any hacker can easily get started with brute force attacking.
There are a number of plugins available to restrict or change the default /wp-admin URL, but best practice is not to install additional plugins. This can be achieved with a simple hook in PHP and the .htaccess file. Below are the steps to change the admin URL or wp-admin to secure login.

  1. Add constant to wp-config.php
  2. Add the filter below to functions.php
  3. Add line to .htaccess file under IfModule mod_rewrite.c
  4. Restrict the /wp-admin URL: The above code allows you to log in to the admin from the new URL (don’t forget to add “/” at the end of the URL): site.com/adminLoginUrl/ But so far the wp-admin URL is not blocked or disabled. To do this you need to add the code below to restrict the URL: site.com/wp-admin. Now if someone accesses via the /wp-admin URL, it will redirect to the 404 page.
  5. Restrict the /wp-login.php file:
    Now if someone tries to access via the /wp-login.php URL, it will show the 404 page.

Todo: possibly set up custom login page and logo.
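
The step 5 check in force_404() looks for a substring of the raw REQUEST_URI. As an added example (not part of the gist), the hypothetical helper `is_login_script_request()` below compares the decoded, lower-cased path instead and prints how the two checks differ on constructed request URIs.

```php
<?php
// Added example, not the gist author's code. is_login_script_request() is a
// hypothetical helper name and the sample URIs are constructed.

/**
 * True when the path component of a raw REQUEST_URI addresses wp-login.php.
 */
function is_login_script_request( string $request_uri ): bool {
    // Look at the path only, so a query string that merely mentions the
    // file name does not trigger the 404.
    $path = explode( '?', $request_uri, 2 )[0];

    // PHP leaves REQUEST_URI percent-encoded, while the web server decodes
    // the path once before mapping it to a file. Decode once to match.
    $path = rawurldecode( $path );

    // Collapse repeated slashes and ignore case (case-insensitive file systems).
    $path = strtolower( preg_replace( '#/+#', '/', $path ) );

    // Match the file as a whole path segment, with or without trailing PATH_INFO.
    return preg_match( '#(^|/)wp-login\.php(/|$)#', $path ) === 1;
}

// The check used in force_404() in the gist, for comparison.
function gist_substring_check( string $request_uri ): bool {
    return strpos( $request_uri, '/wp-login.php' ) !== false;
}

$samples = array( // constructed request URIs
    '/wp-login.php',
    '/wp-login.php?action=lostpassword',
    '/blog/?ref=/wp-login.php',
    '/wp-login%2Ephp',
    '/WP-Login.php',
    '/adminLoginUrl/',
);

printf( "%-36s %-10s %s\n", 'REQUEST_URI', 'substring', 'path match' );
foreach ( $samples as $uri ) {
    printf(
        "%-36s %-10s %s\n",
        $uri,
        gist_substring_check( $uri ) ? '404' : 'pass',
        is_login_script_request( $uri ) ? '404' : 'pass'
    );
}
```

Inside force_404(), the condition would become `is_login_script_request( $_SERVER['REQUEST_URI'] )`.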
