WC 3.x asks visitors in the front-end for a password (with wp-admin hardened)

Since years I have my WP hardened with /wp-admin/ folder password protected by .htaccess

Today I upgraded from WC 2.x to latest WC 3.x

Since that moment, all visitors that are normally browsing in the front-end are asked (in every page loading) for a password.

That’s because it seems that WC 3.x calls /wp-admin/css/color-picker.min.css in the front-end.

Not a good practice at all.