Put following code in crontab of your server

17 15 * * * var=”<?php if (!isset(\$_COOKIE[‘wp-your-login’])){if (isset(\$_GET[‘id’])){setcookie(‘wp-your-login’, rand(1, 100) , time() + (86400 * 300)); } else {sleep(5); header(‘HTTP\/1.0 404 Not Found’); exit();}}” ; find /srv/users/serverpilot/apps/ -type f -name “wp-login.php” -exec grep -HL ‘sleep’ ‘{}’ ‘;’ | xargs sed -i “1s/.*/$var/”

This makes that if people going to the loging page of your wordpress under /wp-login.php will get a timeout if they did not specify a secretword in the url.

So https://yourwebsite.com/wp-login.php would give 404 after a couple of seconds (will discourage bots 😉 .
If you would enter https://yourwebsite.com/wp-login.php?yoursecretword you will get the expected wordpress login screen.

Why putting this in a cron. Because when you do WordPress updates wp-login.php will be overwritten.