If you are doing this for your own site then using .htaccess
might be the easiest way although it could get tricky if you want to make it work for a plugin as there would be lots of different subtle configuration differences to support.
Here are some articles that could help; not all are directly answering your question but they all address your security concern in one way or another:
- Hide WordPress WP-Admin Login Page
- How to prevent attacks on WordPress wp-login.php page
- Secure Your WordPress, Playing With Your .htaccess File.
- How to: change from wp-login.php to login
- How to protect wp-login and wp-admin
- Hardening WordPress with Mod Rewrite and htaccess
And of course that’s no blog expert on Apache and WordPress than the guy who writes AskApache. Be sure to check out these: