Password protect directory but not files

I’m running a WP+WOO site for a client and thought that a simple way to secure the admin login area would be to password protect it. The problem is that sometimes (especially on WooCommerce pages) there’s one or two files that get called from /wp-admin and this triggers the login popup.
I’ve googled a lot on how to do this with htaccess but I couldn’t find anything, and the closes thing I found is 10 years old and is not working for me.

Any ideas on how to achieve this?