There are so many confusing guides online to achieve something quite simple: change the login url from wp-login.php to something different so as to prevent automated attempts to brute force your login details.
Duplicate the wp-login.php file and name it your-custom-login.phpFind and replace all references of wp-login.php with your-custom-login.php in your-custom-login.php fileRemove wp-login.php from your public_html directoryYou will now be able to login at https://yoursite.com/your-custom-login.php. This however, does not prevent someone from visiting https://yoursite.com/wp-admin which will redirect to https://yoursite.com/your-custom-login.php. To redirect /wp-admin to your homepage, follow this guide.