We are using the Membership module on a client site.
The registration page is http://www.mydomain.com/register which is provided by the plugin. We have a free and several paid subscriptions. We want all users to register for a subscription so we can control their access level. However, we noticed that some spammers were bypassing the registration page and creating users by going to:
So in Settings->General we disabled the option "Anyone can register". Now the message "User registration is currently not allowed." appears when someone tries to go to http://www.mydomain.com/wp-login.php?action=register
However, the wp-login.php is still being used for the Login and is still available to anyone browsing. For security purposes, we have seen another membership plugin that somehow hides the wp-login.php altogether and instead creates a page called http://www.mydomain.com/login to handle all logins.
Or is there a compatible plugin that you can recommend to do this?
Please ask the developers to incorporate this hiding of wp-login.php in a future update. Thanks!