Here’s a way to move your wordpress login page from wp-login.php to (in this case) /blog/secret-login-page with Apache rules.

Note this is akin to moving ssh from port 22, you should set up strong authentication, rename your admin user and possibly consider one of the wordpress security plugins before using this.

# move WordPress login page 
<Location "/blog/secret-login-page"> 
RequestHeader set X-WPTOKEN mysecretheader
</Location> 

RewriteCond %{HTTP:X-WPTOKEN} !=mysecretheader 
RewriteCond %{HTTP_REFERER} !^.*/blog/secret-login-page$ 
RewriteRule ^.*/wp-login.php$ - [R=404,L] 

ProxyPass /blog/secret-login-page http://example.com/blog/wp-login.php

You should change the header value and the location of your “secret” login page. If you hit this URL on unsecured networks (eg public wifi), finding the location of this page will not be difficult – but you could move the URL to https.