Membership - Best Practices for Login and Register

We are using the Membership module on a client site.

The registration page is http://www.mydomain.com/register which is provided by the plugin. We have a free and several paid subscriptions. We want all users to register for a subscription so we can control their access level. However, we noticed that some spammers were bypassing the registration page and creating users by going to:
http://www.mydomain.com/wp-login.php?action=register

So in Settings->General we disabled the option "Anyone can register". Now the message "User registration is currently not allowed." appears when someone tries to go to http://www.mydomain.com/wp-login.php?action=register

However, the wp-login.php is still being used for the Login and is still available to anyone browsing. For security purposes, we have seen another membership plugin that somehow hides the wp-login.php altogether and instead creates a page called http://www.mydomain.com/login to handle all logins.

In membership plugin. is there a way to have a page like http://www.mydomain.com/login and disable http://www.mydomain.com/wp-login.php?

Or is there a compatible plugin that you can recommend to do this?

Please ask the developers to incorporate this hiding of wp-login.php in a future update. Thanks!

Hector