How to deal with the load when holding F5 on wp-login?

Hello! There is a VPS for $5 from DigitalOcean, it runs several sites with a total traffic of about 3k hosts per day. Installed nginx + php-fpm. Fastcgi cache configured. When viewing the content of sites, the load on the processor is negligible.

If you hold down F5 on a page with content, the server will not feel much of anything, since the page will be served from the cache, however, if you go to the wp-login.php page and hold down f5 there, the processor load will increase to 100% and several php-fpm processor.

Unfortunately, I don’t have enough skills in setting up servers, I can do something according to the guide, but no more. The question is, is there anything that can be done so that the user, when accessing the wp-login.php page, cannot put my server down by pressing the f5 key? Reading on a toastera similar question , they recommended installing WP-FFPC, but I don’t know if it will help me in this matter? Please tell me, maybe there are some solutions, examples of configs, etc.
UPD: NGINX configs and host of one of the sites.
nginx.conf:

user www-data;
worker_processes 1;
pid /var/run/nginx.pid;

events {
  worker_connections 768;
  # multi_accept on;
}

http {
  client_max_body_size 20M;
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;
  server_tokens off;

  #Limit Request
  limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
  limit_req_status 444;

  server_names_hash_bucket_size 64;
  # server_name_in_redirect off;

  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;

  gzip on;
  gzip_disable "msie6";
  gzip_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
  # gzip_vary on;
  gzip_proxied any;
  gzip_min_length 1100;
  gzip_comp_level 3;
  gzip_buffers 16 8k;
  gzip_http_version 1.0;
  #gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

  #Nginx Helper Wordpress
  fastcgi_cache_path /home/server/nginx-cache levels=1:2 keys_zone=WORDPRESS:10m inactive=30m; 
  fastcgi_cache_key "$scheme$request_method$host$request_uri";
  fastcgi_cache_use_stale error timeout invalid_header http_500;	
  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-enabled/*;
}

server {
  listen   80; 
  server_name site.name www.site.name;
  
  root /home/server/htdocs/site.name/www;
   	
  access_log /home/server/logs/site.name/nginx.access.log;
  error_log /home/server/logs/site.name/nginx.error.log;
  index index.php index.html index.htm;

  #request
  location = /wp-login.php {
    limit_req zone=one burst=1 nodelay;
    include fastcgi_params;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    limit_req_status 444;
  }

        #Enable Browser Cache
  location ~* \.(jpg|jpeg|gif|png|ico|css|pdf|ppt|txt|bmp|rtf|js)$ {
       		access_log off; 
    expires 30d;
    #add_header Pragma public;
  		#add_header Cache-Control "public, must-revalidate, proxy-revalidate";
  }

  #Block HotLink
  location ~ \.(jpeg|png|gif|jpg)$ {
    valid_referers none blocked site.name *.site.name;
    if ($invalid_referer) {
    return 403;
    }
  }	

  error_page 404 /404.html;
  error_page 500 502 503 504 /50x.html;
  location = /50x.html {
    root /etc/nginx/error;
  }
  
        #Nginx Helper
  set $skip_cache 0;

  # POST requests and urls with a query string should always go to PHP
  if ($request_method = POST) {
    set $skip_cache 1;
  }   
  if ($query_string != "") {
    set $skip_cache 1;
  }   

  # Don't cache uris containing the following segments
  if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
    set $skip_cache 1;
  }   

  # Don't use the cache for logged in users or recent commenters
  if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
    set $skip_cache 1;
  }
  
  location ~ .php$ {
    try_files $uri =404; 
    include fastcgi_params;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_cache_bypass $skip_cache;
          fastcgi_no_cache $skip_cache;
    fastcgi_index index.php;
    fastcgi_cache WORDPRESS;
    fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
    fastcgi_cache_valid 200 301 202 404 60m;
  }
  
  location ~ /purge(/.*) {
      fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
  }	
  
  #WORDPRESS conf
  location / {
  try_files $uri $uri/ /index.php?$args;
  }
  location = /favicon.ico {
    log_not_found off;
    access_log off;
  }
  location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }
  location ~ /\. {
    deny all;
  }
  location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
  }
  
  rewrite /wp-admin$ $scheme://$host$uri/ permanent;	
}