Try this approach:
$ htpasswd -bc /tmp/secure_admin.txt admin password
Then on your nginx virtual host conf.
location ^~ /wp-login.php {
auth_basic "Restricted Area: WordPress";
auth_basic_user_file /tmp/secure_admin.txt;
}
Then restart the service:
$ service nginx restart
403 Forbidden after correct login:
This can be caused by permissions or a non-existent or invalid directory index directive.