Currently I am setting up an admin login page with PHP and this is how I have it set up.
If the user navigates to website.com/admin, it returns a 404 error. The only way to get access to the admin login is to go to website.com/admin?key=random-string. If the key in the URL doesn't match the key in the database it will return a 404 error. When the key matches it will present you with the admin login.
I thought this was clever to help prevent someone from getting access to the admin login screen, but I am not experienced enough to know if this is true.