Update README.md

README.md

@@ -10,19 +10,17 @@ MyVesta Control Panel
 Features
 ==================================================
 
-> + Apache is on mpm_event by default, PHP is running in PHP-FPM
++ Apache is on mpm_event by default, PHP is running in PHP-FPM
 
-> + You can totally "lock" VestsCP so it can be accessed only via https://serverhost:8083/?MY-SECRET-URL
++ You can totally "lock" VestsCP so it can be accessed only via https://serverhost:8083/?MY-SECRET-URL
-> After installation just execute:
+    + After installation just execute:
-> ```
+    + `echo "<?php \$login_url='MY-SECRET-URL';" > /usr/local/vesta/web/inc/login_url.php`
-> echo "<?php \$login_url='MY-SECRET-URL';" > /usr/local/vesta/web/inc/login_url.php
+    + Literally no one PHP script will be alive before you access that URL, so even if there is some zero-day exploit - hacker will not be able to access it without knowing your secret URL.
-> ```
+    + You can see how mechanism was built by looking at:
-> Literally no one PHP script will be alive before you access that URL, so even if there is some zero-day exploit - hacker will not be able to access it without knowing your secret URL.
+      + https://github.com/myvesta/vesta/blob/master/src/deb/php/php.ini#L496
-> You can see how mechanism was built by looking at:
+      + https://github.com/myvesta/vesta/blob/master/web/inc/secure_login.php
->   + https://github.com/myvesta/vesta/blob/master/src/deb/php/php.ini#L496
->   + https://github.com/myvesta/vesta/blob/master/web/inc/secure_login.php
 
-> + We disabled dangerous PHP functions in php.ini, so even if customer's CMS was compromised, hacker will not be able to execute shell from PHP.
++ We disabled dangerous PHP functions in php.ini, so even if customer's CMS was compromised, hacker will not be able to execute shell from PHP.
 
 About VestaCP
 ==================================================