If hackers can’t find your admin page, how are they going to hack it?!
Trough the XML-RPC and other methods.

Okay thats not what I wanted to talk about 😉
Let’s assume they are beginners, lazy, they will just popup the /admin page or the /wp-login.php page. That’s way to easy!

Let’s make it more difficult for them!

Go to: Security > Advanced > Hide backend

And change the Login slug to something only you and your friends know!
It wil save you a lot of bot’s and people trying your username/password reset form and more tricks they have.