Even if you are able to secure login.fcc access completely, the hacker could still do the same to your custom login page.
Brute force login attack could be prevented in other ways. Like implementing smretries for e.g or temporarily locking out the user.
If your concern is DDOS attacks , then they can be prevented at webserver level.
Sent from my iPhone