01. 下載 Stealth Login 並解壓上傳到 ./wp-content/plugins/ 下。
// 或從 WordPress 後台直接搜尋 Stealth Login 下載

02. Plugins -> Installed -> Activate Stealth Login

03. WordPress 後台 -> Settings -> Stealth Login

04. 把 Enable Plugin 切換到 On，然後依據您的需要來設定您想要的網址形式，含 WordPress 登入、登出、註冊、後台的位置。

eg :
Login Slug : in -> http://who-know.com/in/；Logout Slug : out -> http://who-know.com/out/；Register Slug : reg -> http://who-know.com/reg/；Admin Slug : admin -> http://who-know.com/admin/

05. 把 Stealth Mode 切換到 Enable，不然就變成 http://who-know.com/reg/ = http://who-know.com/wp-login.php?action=register 兩種網址形式都可以用來註冊帳號，這樣就沒有達到保護 WordPress 的用意了，我們希望的是透過修改 WordPress 登入、登出、註冊、後台的網址，來保護我們用心經營的聖地。

06. 最後它會生成一大串的語法加到 .htaccess file，接下來請立刻測試有沒有成功，如果您的 WordPress 是安裝在子目錄的且有使用 Permalink( 中譯 : 永久連結、固定網址、偽靜態等 )，可能會有問題。

eg : 假設您的 WordPress 原本是裝在 ./wordpress/ 下，您會發現剛才改的網址變成 http://your.domain.name/wordpress/wordpress/ ...，所以請下載 .htaccess file 把 RewriteBase /wordpress/ 修正一下再上傳覆蓋，即可解決問題了。
// 把 RewriteBase /wordpress/ 改成 RewriteBase /

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /wordpress/
# STEALTH-LOGIN
...
# END STEALTH-LOGIN
...
</IfModule>

# END WordPress

07. 附註
a. 設定好後，把 ./wp-content/plugins/ 下的 stealth-login 刪除，好像也可以正常運作。
b. 無聊也可以定期幫它換一下 stealth_folderName_key
// WordPress 後台 -> Settings -> Stealth Login -> Save Changes

Ref : // 紀錄一下其它方法，其中第二個方法很原始也很暴力
01. Who Else Wants to Hide Their Wordpress Folder?
02. How To Change "wp-admin" Folder Name on Wordpress

# 301 Redirect Non-WWW to WWW
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(who-know\.com)(:80)? [NC]
RewriteRule ^(.*) http://www.who-know.com/$1 [R=301,L]

02. Redirect WWW to Non-WWW
// eg: Redirect www.who-know.com to who-know.com, 於 .htaccess file 加上

# 301 Redirect WWW to Non-WWW
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www\.who-know\.com)(:80)? [NC]
RewriteRule ^(.*) http://who-know.com/$1 [R=301,L]

03. 如果覺得自己改有點麻煩, 可以利用線上製作 .htaccess file ( 繁 簡 英 日 ) 來產生, 點左邊的設置WWW(w) -> 然後填上您希望統一的網址 -> 複製貼上到您的 .htaccess file
// 參考上面舉的例子, 複製須要的部分即可, 用不到的就不用管它。

<Files ~ "^.(htaccess|htpasswd)$">
deny from all
</Files>
order deny,allow

04. 上傳完 .htaccess file, 可以利用 HTTP Server Header Checker, SEO Tools - Search Engine Friendly Redirect Checker 來檢查是否設定成功。

05. 關於上面 Rewrite Rule 所用到的 NC, $1, R, L 的解釋

  a. [NC] (no case) Case-insensitive, ignoring difference between 'A-Z' and 'a-z' when Pattern is matched against the current URL.

  b. $1 is magically replaced with the text which was captured previously. ( $ stuff means plug in whatever follows )

  c. L - Last Rule. No more rules will be proccessed if this one was successful.

  d. R[=code] - Redirect. The user's web browser will be visibly redirected to the substituted URL. If you use this flag, you must prefix the substitution with http://www.somesite.com/, thus making it into a true URL. If no code is given, then a HTTP reponse of 302 (temporarily moved) is sent.

06. 另外, 大家常說的 301、302, 實際上是 301、307?

  a. 301 Moved Permanently

The requested resource has been assigned a new permanent URI and any future references to this resource SHOULD use one of the returned URIs. Clients with link editing capabilities ought to automatically re-link references to the Request-URI to one or more of the new references returned by the server, where possible. This response is cacheable unless indicated otherwise.

The new permanent URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s).

If the 301 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.

  b. 302 Found

The requested resource resides temporarily under a different URI. Since the redirection might be altered on occasion, the client SHOULD continue to use the Request-URI for future requests. This response is only cacheable if indicated by a Cache-Control or Expires header field.

The temporary URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s).

If the 302 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.

  c. 307 Temporary Redirect

The requested resource resides temporarily under a different URI. Since the redirection MAY be altered on occasion, the client SHOULD continue to use the Request-URI for future requests. This response is only cacheable if indicated by a Cache-Control or Expires header field.

The temporary URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s) , since many pre-HTTP/1.1 user agents do not understand the 307 status. Therefore, the note SHOULD contain the information necessary for a user to repeat the original request on the new URI.

If the 307 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.

08. 由於實在太好奇 302 v.s. 307, 於是又 Google 了一下, 終於發現原因了, 原來一個是 HTTP/1.0 Hypertext Transfer Protocol (下面), 一個是 HTTP/1.1 Hypertext Transfer Protocol (上面)。

  a. 301 Moved Permanently

The requested resource has been assigned a new permanent URL and any future references to this resource should be done using that URL. Clients with link editing capabilities should automatically relink references to the Request-URI to the new reference returned by the server, where possible.
The new URL must be given by the Location field in the response. Unless it was a HEAD request, the Entity-Body of the response should contain a short note with a hyperlink to the new URL.

If the 301 status code is received in response to a request using the POST method, the user agent must not automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.

  b. 302 Moved Temporarily

The requested resource resides temporarily under a different URL. Since the redirection may be altered on occasion, the client should continue to use the Request-URI for future requests.
The URL must be given by the Location field in the response. Unless it was a HEAD request, the Entity-Body of the response should contain a short note with a hyperlink to the new URI(s).

If the 302 status code is received in response to a request using the POST method, the user agent must not automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.

Ref: // 其實只有參考第一個, 複製了它的解釋, 其它篇是覺得寫得不錯, 值得收藏一下^^
01. mod_rewrite, a beginner's guide (with examples)
02. 301-redirect
03. Apache mod_rewrite
04. SEO Tips - Mod Rewrite Non-WWW to WWW
05. Using Mod-rewrite to Redirect Non-www URL to www URL
06. Improve Your SEO By Redirecting Non-WWW Traffic to WWW
07. Redirect Visitors From Non-WWW To WWW Version Of Your Website With .htaccess And mod_rewrite