I have found that lots of WordPress websites gets regular wp-login.php brute force attack. This also causes high CPU and memory usage on server. We highly recommend WordPress websites administrator to change wp-login.php url to improve security.
In this tutorial I will explain how to change wp-login.php to wp-login-new.php (You can choose any other name).
Step 1
Open wp-login.php file in any text editor. Find and replace all wp-login.php to wp-login-new.php.
Save the file and close it.
Step 2
Rename wp-login.php file to wp-login-new.php
Step 3
Create a new blank file and name it as wp-login.php
Step 4
Open .htaccess file located in public_html directory and add following code at the top.
ErrorDocument 401 default
Done!!
Now your WordPress login url will be:
domain.com/wp-login-new.php
And domain.com/wp-login.php file will open a blank page. Thus will not cause server load.