NaNHost servers have wordpress brute-force protection, so you may see a POPUP Authorization box to provide “admin” as your username and password, so the real wp-login.php will be shown.

However, you can easily off “POPUP Authorization box”. Just add the following lines in the “.htaccess” under public_html folder.

Note: If you don’t show .htaccess file

1. See right-top “setting” click here
2. ✓ Click “Show Hidden Files (dotfiles)”
3. Click “save”

<FilesMatch "wp-login.php">
AuthType None
require all granted
</FilesMatch>

This will do the job! No more pop-up authorization box for wp-login.php access!