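// Login-page gate: wp-login.php is only served to sessions that first visited
// /secure-login; every other request for it is redirected to the site root.
//
// NOTE(review): this hides the login form, it does not authenticate anyone.
// Whoever learns the /secure-login path passes the gate, so keep strong
// passwords, login throttling and MFA in place behind it.
// NOTE(review): the checks below compare the raw request path against exact
// strings. Any other spelling of the URL that the web server also maps to the
// login script (different case, extra slashes, a subdirectory install) is not
// covered here - enforce the same rule in the web server configuration too.
session_start();

// Split the request into path and query string. The limit of 2 keeps a query
// that itself contains "?" intact, and array_pad() guarantees $arguments is
// defined when the URL has no query string (the unpadded list() assignment
// raised an undefined-offset notice on every such request).
$requestUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
$parts = array_pad(explode('?', $requestUri, 2), 2, '');
$file = $parts[0];
$arguments = $parts[1];

// The user just logged out: drop the sentinel and send them to the root.
// This is an exact match on the query string; a logout redirect carrying
// additional parameters would not be recognised here.
if ($file === '/wp-login.php' && $arguments === 'loggedout=true') {
    // session_destroy() removes the stored session but leaves $_SESSION
    // populated for the rest of this request, so clear it explicitly.
    $_SESSION = array();
    session_destroy();
    header('Location: /');
    // Without exit() the script kept running after queueing the redirect.
    exit();
}

// Strict comparison: only the boolean true written below counts as a pass.
$enteredViaSecureLogin = isset($_SESSION['valid_entrance'])
    && $_SESSION['valid_entrance'] === true;

if ($enteredViaSecureLogin) {
    /* Sentinel present: allow normal script execution. */
} elseif ($file === '/wp-login.php') {
    // Deny whenever the sentinel is not exactly true. The earlier condition
    // only denied when the key was unset, so a set-but-false value fell
    // through and the login page was served.
    header('Location: /');
    exit();
} elseif ($file === '/secure-login') {
    // Issue a fresh session id before marking the session as allowed, so an
    // id that was planted in the browser beforehand never carries the sentinel.
    session_regenerate_id(true);
    $_SESSION['valid_entrance'] = true;
}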