force captcha on multisite login forms

I run a multisite which has been recently DDOS attacked with massive user automated login on one of my subsites (it was different of a brute force attack because the attacker first created a subsite, and then used his correct log/pass to sign in to his own subsite hundreds of times/min).

So, I am looking for a way to force each login form (wp-login.php) of each subsite to use a captcha.

(I already network activated the 'SI CAPTCHA' plugin but subsite admins still have the possibility to unable the login form captcha)

Thanks for your advice!