Moving your admin directory, htaccess and removing the link from your theme are archaic and proven to be meh in this day and age.
Google Auth 2FA is enough to secure your account. The person would actually need access to your google auth account, password and backup password to even begin to login to your ACP.
Hiding an ACP is at best a "deterrent" and never a real solution. Additionally, the ACP link is ONLY given to those that have an administrative level account (so they have an account that can access the ACP.
I'll be honest, if 2FA isn't enough for you, then you are really going outside of the box. Who is in your personal data far enough that you are worried that 2FA isn't enough?
It sounds like you're going through extreme measures to solve an already solved problem.