You could hook into the wp_authenticate_user
filter and return an error.
Something like:
add_filter( 'wp_authenticate_user', 'wpse_406123_stop_login', -1 );
function wpse_406123_stop_login() {
$message = new WP_Error( 'login_disabled', __( '<strong>ERROR</strong>: You cannot login at this time' ) );
return $message;
}
You can then change your security keys –the ones that look like this to something different – that will invalidate all current logins.