[Defender] Defender: Masked Login Area inefficient for bots visiting "//wp-login.php"

Bots are getting smarter to target login areas, even with Masked login area activated. I've got multiple reports of failed logins on "//wp-login.php".
By simply adding an extra forward slash, bots can still access the default WP login form.
Defender should tighten its security rules and cover these bypasses.