If you manage a WordPress website, or many of them like me, it doesn’t take long before you understand that there are lots of hackers out there always trying to break your login and gain access to your site. There are brute force protection plugins available, but if you or just a handful of people are the only ones accessing your website, why even let anyone else see the login page at all?
For a while I got in the habit of renaming the wp-login.php page. This stopped access attempts, but the extra steps to open up the login access and then close it again was a pain in the rear. Plus I needed file access to do it.
So I brainstormed and came up with a better idea which seems to be working well so far. It keeps everyone out but me.