Membership - Best Practices for Login and Register

We are using the Membership module on a client site.

The registration page is which is provided by the plugin. We have a free and several paid subscriptions. We want all users to register for a subscription so we can control their access level. However, we noticed that some spammers were bypassing the registration page and creating users by going to:

So in Settings->General we disabled the option "Anyone can register". Now the message "User registration is currently not allowed." appears when someone tries to go to

However, the wp-login.php is still being used for the Login and is still available to anyone browsing. For security purposes, we have seen another membership plugin that somehow hides the wp-login.php altogether and instead creates a page called to handle all logins.

In membership plugin. is there a way to have a page like and disable

Or is there a compatible plugin that you can recommend to do this?

Please ask the developers to incorporate this hiding of wp-login.php in a future update. Thanks!