Unauthorised Login Redirect is a WordPress plugin by Robert Simpson, that allows you to effectively hide your wp-login.php and wp-admin by requiring that you access it via a custom URL of your specification, with every other request being redirected to a different URL of your specification.
More info: https://wordpress.org/plugins/unauthorised-login-redirect/