While security through obscurity is not really security, it is a major problem in WP that every kiddo knows the login URL of a WP install as well as its admin URL.
Allowing that to be customised would not only avoid probably 90% of all brute force, but also actually help with branding the tool (whether that be cp-admin or beda-admin).
However, I believe this is not easily possible because of several hardcoded instances of the wp-login and wp-admin inside core code.
Just scan the core code for wp-login to see the first has 31375 matches across 569 files, the second has 361 matches across 34 files.
Non-actionable, IMO, even if I very much would like to see it. It would require a full rewrite to make those hardcoded instances all dynamic using a $var, which is possible; however, I have yet to see the people available to do such a monster job in a proper amount of time.
Not to mention that those are often file names, and I am not sure one could even “dynamically” rewrite a filename like wp-login.php to wp-anything.php (and that would be necessary at least to avoid the URL call to wp-login.php) without causing a ton of issues and conflicts each time WP would update, and so on.
From what I know, all plugins that allow fully renaming login and admin are also all somehow broken or cause huge issues and conflicts with other code and plugins/themes. I gave up on renaming that when I started with WP back in 2012, exactly because there were just always issues with any solution found, or the solution found was working but not complete enough.