By default WordPress uses /wp-admin/ for your login URL.
The problem with this is that bots, hackers, etc. all scan for these when looking for vulnerabilities and entry points into your site. On one of my sites I had 800+ failed attempts per day trying to gain access to my site.
Follow the instruction below to install and configure the free plugin I use to change my WordPress login URL to something unique. This wiped out pretty much 99% of all those attempts.
In your WordPress dashboard click into “Plugins” and “Add New.”
Search for “WPS Hide Login” and click on “Install Now.” You can also download WPS Hide Login from the WordPress repository. Best thing about this plugin is that it is super lightweight and doesn’t require modifications to your .htaccess file. It simply intercepts page requests and rewrites them.
Click on “Activate Plugin.”
Under “Settings” click into “General.”
Scroll down to the bottom of the page and you will see a new “Login URL” field. Input something creative that you can both remember and nobody will be able to guess. I like to have a little fun with mine. You can always bookmark the new login URL as well. Then press “Save Changes.”
The next time you login you will need to use your new login URL in your browser.