[Defender] Defender Mask Login Area URL overridden by wordpress redirect by /login

I've turned on Defender's new "Mask Login Area" option, as my site has been previously attacked by mass bot registrations, and the team told me that updating the Mask Login Area would change both the login URL and the registration URL. I've noticed, however, that Wordpress is still allowing /login to redirect to my newly designated login URL.

While I'm glad that the stock wp-login.php URL has been removed, I can't imagine it's terribly difficult for bots to start targeting /login, effectively dumping them onto my newly designated login URL...