thanks @yogeshyadav20 , but not a good idea for me.
let me explain:
I duplicate the wp-login.php file then rename the new one to wp-in.php, and change the wp-login.php permission to block everyone to access it. then I change the wp-login.php in the general-template.php file. the problem is whenever WordPress has updated, the general-template.php backs to normal, and I don’t want the last thing to happen. and I prefer to not use any plugins.
