The WordPress login form never loads unless a "secret" key-value pair exists as a URL parameter.

wp-disable-login-form.php

add_filter( 'wp_login_errors', 'login_form_lockdown', 90, 2 );

/**
 * This code locks down the WordPress login form by hijacking the page via the 'wp_login_errors' hook and only executing the 
 * login header, footer, and necessary closing tags unless a URL parameter (defined in the function) is included in the request. 
 * If the parameter exists, the full login form is returned in the error object.
 * 
 * Without the "secret" key-value pair passed as a URL parameter, all login pages will be blank except for any HTML/CSS loaded
 * prior to wp_login_errors, such as the default wordpress.org-linked WordPress logo above the (absent) login form.
 * 
 * Based on code from @daggerhart: https://gist.github.com/daggerhart/d19821ff8ce836a5fc68
 *
 * @param WP_Error $errors      The error object passed to the login form.
 * @param string                $redirect_to the redirect destination URL.
 *
 * @return WP_Error The potentially modified error object.
 */

function login_form_lockdown( $errors, $redirect_to ){
	$secret_key = "login_form";
	$secret_value = "true";
  				
	if (empty(filter_input(INPUT_GET, $secret_key, FILTER_SANITIZE_STRING)) || 
		(filter_input(INPUT_GET, $secret_key, FILTER_SANITIZE_STRING) != $secret_value)) {
			login_header(__('Log In'), '', $errors);  // add $text_domain here
			echo "</div>";
			do_action( 'login_footer' );
			echo "</body></html>";
			exit;
	}
  return $errors;
}