The wp-admin folder has required files to run the WordPress dashboard. So, all your visitors don’t need to access it. It will be good to enable only a few selected IP addresses to access the wp-admin folder. You can limit access to certain users like editors, contributors, and other admins. You can use this code snippet in the .htaccess file:
AuthUserFile /dev/null AuthGroupFile /dev/null AuthName "WordPress Admin Access Control" AuthType Basic <LIMIT GET> order deny,allow deny from all # whitelist My IP address allow from xx.xx.xx.xxx # whitelist John's IP address allow from xx.xx.xx.xxx </LIMIT>