
Dec 08

Stop double htpasswd authentication for http/https login in admin

If you have set up an htpasswd login for your admin (which is a good idea), you may find you have to log in twice at the htpasswd popup: once for an http connection and again for an https connection. This happens because the two connections use different ports and you have to be authenticated on each of them.

However, it's also a good idea to run your admin completely under https. Adding the following to the top of the admin .htaccess file (not the store .htaccess file) directs all admin URLs to run under https.

Note – to use this modification you must have 1) an htpasswd login set up and 2) an SSL certificate installed on your server.

Find /admin/.htaccess and add at the top under the first commented line:

SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "mywebsite.com"
ErrorDocument 403 https://mywebsite.com/admin

Note – change 'mywebsite.com' and 'mywebsite.com/admin' to your store's actual domain name and admin directory name (which shouldn't be 'admin' either, as this is a security risk).
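
A quick way to confirm the directives above are all in place and agree with each other, as an added example that is not part of the original post: a small Python check run over the text of the admin .htaccess. The sample file, its AuthUserFile path and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the post's four directives plus a typical Basic-auth
# stanza (the AuthUserFile path is a placeholder).
SAMPLE = """\
# admin .htaccess
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "mywebsite.com"
ErrorDocument 403 https://mywebsite.com/admin
AuthType Basic
AuthName "Admin"
AuthUserFile /path/to/.htpasswd
Require valid-user
"""

def directives(text):
    """Yield (lowercased name, argument string) for each non-comment line."""
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            yield parts[0].lower(), parts[1] if len(parts) > 1 else ""

def check_admin_htaccess(text):
    """Return a list of problems; an empty list means nothing was found."""
    d = list(directives(text))
    names = {n for n, _ in d}
    problems = []
    if "sslrequiressl" not in names:
        problems.append("SSLRequireSSL missing: plain-http requests are not refused")
    if not any(n == "ssloptions" and "+strictrequire" in a.lower() for n, a in d):
        problems.append("SSLOptions +StrictRequire missing")
    if "authuserfile" not in names:
        problems.append("no AuthUserFile: htpasswd login is not configured here")
    hosts = [m.group(1).lower() for n, a in d if n == "sslrequire"
             for m in [re.search(r'%\{HTTP_HOST\}\s+eq\s+"([^"]+)"', a)] if m]
    targets = [a.split()[1] for n, a in d
               if n == "errordocument" and a.split()[:1] == ["403"] and len(a.split()) > 1]
    if not targets:
        problems.append("ErrorDocument 403 missing: http visitors get a bare 403")
    else:
        url = urlsplit(targets[-1])
        if url.scheme != "https":
            problems.append("ErrorDocument 403 target is not an https URL")
        if hosts and (url.hostname or "") != hosts[-1]:
            problems.append("ErrorDocument 403 host differs from the SSLRequire host")
    return problems

if __name__ == "__main__":
    print(check_admin_htaccess(SAMPLE) or "no problems found")
```

The host comparison matters because the 403 redirect has to land on the same host name that the SSLRequire line accepts.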