We have bad people everywhere. And these bad people can attack your site or try to claim ownership of the site. It isn’t anything new. Just as thieves attack people, so are these people.
They can log in to your site using known URLs for WordPress admin panel “wp-admin” or “wp-login”.
To avoid being a victim, change the admin or URL. In order to do that, you need to download WPS Hide Login.
It helps you to change the URL of the login form page to anything you want.
It doesn’t rename or change files and doesn’t add or rewrite rules on your site.
It only intercepts page requests, make wp-admin directory and wp-login.php page become inaccessible.
It is important to bookmark or remember the URL and also deactivate plugin when you want to restore your site.