WordPress

How to make an authorization form in php + wordpress?

Hello. It was necessary to create a system with user authorization on the wordpress site. Using the functionality of wordpress itself to work with users will not work for a number of reasons.
Actually, the site should have a page that can only be accessed after custom authorization.
I started reading how it can be done and drowned. If I understand correctly, then the technique should be something like this: the
user gets to the ajax authorization form page ->
enters his login / password ->
they are sent to the server for verification ->
if everything is ok, then authorization cookies are hung up for him and he, along with they are redirected to the desired page ->
when entering it, the server checks the user's cookies ->
if the cookies are correct, then the page is displayed and the user can work; if not, it redirects to the page with the authorization form.
But at the same time, as I understand it, cookies can be easily changed on the user side. Then how to ensure that the left user does not come in with cookies stolen / picked up somehow?
Or is it not the way I imagine?
The second question is that wordpress only allows you to set_cookie before anything is displayed on the page. Those. I can't send cookies to the user after he enters the data? Whereas?