Ich sage es immer und immer wieder, hier noch ein Argument vdazu on Chris Wiegman: Den Loginbereich einer mit WordPress betriebenen Website an einen anderen Ort zu verschieben, bringt nichts.
First, there are many more ways to login to WordPress. There is still the WordPress Dashboard, which we were hiding, and XMLRPC, which many sites used to disable, but there is also the REST API, GraphQL and so many other interfaces to WordPress that allow authentication. […] Second, login security is better than it used to be. We can implement 2-factor authentication and block attackers as soon as they try getting in. […] Hiding your login page can’t hold a candle to these newer techniques. Next, moving wp-admin can break your site. […] Finally, most WordPress attacks don’t succeed because someone guesses your user password. Most attacks succeed because you have kept a vulnerable plugin or theme on your site.
Please stop hiding wp-admin
Den Loginbereich zu verschieben/verstecken ist Sicherheit nach dem Motto „Security by obscurity„. Und alles, was obskur ist, sollte man meiden.