Login pages are not made of wood and continuous attacks do not weaken them. The whole point of having strong passwords is that however many attacks are performed against the user the probability of successful guess in your lifetime is zero. Best way to protect your user accounts are by having strong password.
If you believe strong passwords are not practical for your admins (or that they are too lazy to use them) you might want to force them to use things like google authenticator app which runs on their smartphone and produces verification code for them to use on login (one plugin that integrates with it – https://wordpress.org/plugins/google-authenticator/)
Back to the question, yes you can have several different login forms, and check the capabilities of user associated with the login name and if he doesn’t have the manage_options capability and based on that decide whether to continue the login process or not depending on the form you are handling at that moment.