Solution:
You can use the Lockdown WP plugin to:
Hide the /wp-admin section.
Return a 404 error for users who are not logged in.
Rewrite the login URL (as you’ve already done).
Note: Even with these measures, there are still indicators that your site is running WordPress, such as the wp-content folder and other default files. Skilled users can detect these if they are determined.