Moving the WordPress login page from the default /wp-admin and /wp-login.php to a custom URL reduces automated brute-force attacks against your admin panel.
Using a Plugin (Recommended)
Install WPS Hide Login (free, lightweight). Go to Settings > WPS Hide Login and set a custom login URL (e.g., my-login). Click Save. Your login page is now at yourdomain.com/my-login. The old URL returns a 404.
Important: Remember the New URL
Bookmark the new URL immediately. If you forget it and get locked out, deactivate the plugin via cPanel File Manager (rename the plugin folder) to restore access.
Warning: This security through obscurity is not a replacement for strong passwords and 2FA β it should complement them.