Force homepage login while hiding wp-login.php

After hours of attempts, and countless articles dating back over a decade I nearly have this working 100%. Essentially as the title mentions I have a homepage (much like facebook), with a buddypress registration form and menu login.

The login form is using the wp-login.php to $POST vars (until 4.5 is released it appears this how this is to be done since). I do not want access to the site unless logged in, and I preferably don’t want wp-login.php ever seen. Here are the following precautions I have in place so far:

# Force Redirect on WP default login page
add_action('init', array( $this, 'prevent_wp_login') );
function prevent_wp_login() {
    global $pagenow;

    # Check if a $_GET['action'] is set, and if so, load it into $action variable
    echo $action = (isset($_GET['action'])) ? $_GET['action'] : '';
    if( $pagenow == 'wp-login.php' && ( ! $action || ( $action && ! in_array($action, array('login', 'logout', 'lostpassword', 'rp'))))) {
        wp_redirect( get_home_url() );
        exit();
    }
}

add_action('template_redirect', array( $this, 'check_if_logged_in') );
function check_if_logged_in(){
    if(!is_front_page() && !is_user_logged_in()) auth_redirect();
}

# Redirect members to their profile page
add_filter( 'bp_login_redirect', array( $this, 'redirect_to_profile'), 11, 3 );
public function redirect_to_profile( $redirect_to, $redirect_url_specified, $user ){
    if( empty( $redirect_to ) )
        $redirect_to = admin_url();

    # if the user is not have contributor capabilities, redirect to his/her profile
    if( isset( $user->ID) && ! user_can( $user->ID, 'edit_posts' ) )
        return bp_core_get_user_domain( $user->ID );
    else
        return $redirect_to;
}

With those snippets everything works as expected except when the user fails to login, then it goes to the wp-login.php and notifies them of a bad password. How can I notify them on my login form without being redirected to the wp-login.php screen?