Since wp-login.php is the default login page for most WordPress sites, the Password Protection can help prevent unauthorized access or malicious access. In addition, this method can also help reduce the strong attacks. In general, you can implement password protection by 2 ways: manually add a password or use the WordPress best security plugin.
Manually setting is too much trouble, the simplest way is to install the WordPress best security plugin. The powerful AskApache Password Protect is a good choice. This plugin is specifically designed to stop automated attackers attempts to exploit vulnerabilities on your blog that result in a hacked site. Use this plugin, you can get password protection function of the login page by simply setting. NOTE: Remember to backup your site to prevent from any error.
It is fast and effective to enhance WordPress login security by using password protection wp-login, but if you website is a large multi-user webste, WordPress best plugin do not recommend you use this method.