From 73a7008b4ac7774c5dec4775fce64490d16b7507 Mon Sep 17 00:00:00 2001
From: dpeca <peca@mycity.rs>
Date: Tue, 20 Aug 2019 21:00:45 +0200
Subject: [PATCH] Update README.md

---
 README.md | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/README.md b/README.md
index aa7f264c..4643c8d8 100644
--- a/README.md
+++ b/README.md
@@ -10,20 +10,19 @@ MyVesta Control Panel
 Features
 ==================================================
 
-1) Apache is on mpm_event by default, PHP is running in PHP-FPM
+> + Apache is on mpm_event by default, PHP is running in PHP-FPM
 
-2) You can totally "lock" VestsCP so it can be accessed only via https://serverhost:8083/?MY-SECRET-URL
+> + You can totally "lock" VestsCP so it can be accessed only via https://serverhost:8083/?MY-SECRET-URL
+> After installation just execute:
+> ```
+> echo "<?php \$login_url='MY-SECRET-URL';" > /usr/local/vesta/web/inc/login_url.php
+> ```
+> Literally no one PHP script will be alive before you access that URL, so even if there is some zero-day exploit - hacker will not be able to access it without knowing your secret URL.
+> You can see how mechanism was built by looking at:
+>   + https://github.com/myvesta/vesta/blob/master/src/deb/php/php.ini#L496
+>   + https://github.com/myvesta/vesta/blob/master/web/inc/secure_login.php
 
-After installation just execute:
-```
-echo "<?php \$login_url='MY-SECRET-URL';" > /usr/local/vesta/web/inc/login_url.php
-```
-Literally no one PHP script will be alive before you access that URL, so even if there is some zero-day exploit - hacker will not be able to access it without knowing your secret URL.
-You can see how mechanism was built by looking at:
-- https://github.com/myvesta/vesta/blob/master/src/deb/php/php.ini#L496
-- https://github.com/myvesta/vesta/blob/master/web/inc/secure_login.php
-
-3) We disabled dangerous PHP functions in php.ini, so even if customer's CMS was compromised, hacker will not be able to execute shell from PHP.
+> + We disabled dangerous PHP functions in php.ini, so even if customer's CMS was compromised, hacker will not be able to execute shell from PHP.
 
 About VestaCP
 ==================================================