rewrite rule to hide/change wp-login.php

after reading a gazillion posts I'm still stumped at finding current approach to masking/hiding/changing wp-login.php to something else to mitigate getting hammered.

is there a plugin that works on multisite?

what would be the htaccess rewrite rules for subdomain network?

support: please don't just point me to other posts that are years old with a dozen different opinions about what to do, I'm looking for a WPMUDev policy answer. THANKS