The errors started a week after I introduced a password protection for extra layer of security for the site
I have removed the password protection in htaccess and deleted .htpasswd which I thought triggered the authorization permission errors. What that did was to halt the rise of the authorization permission errors. However, the errors simply remained constant - it did not increase but it also did not decrease. And yes, I keep getting messages in GWT about the authorization permission errors
No, I wouldn't just Disallow /wp- Although that would probably fix your immediate issue, it might disallow other files that you don't want to block, because it's a bit too open-ended for my taste and that could lead to unintended issues in the future.
Since you want to block crawling of /wp-login.php, why not Disallow exactly that?
Given the constant attacks we've had since last year, we moved to a new webhost this year and are making sure that the server this time is properly configured and hardened. Once the migration is done this week, I'll revisit the robots.txt file again and simply do /wp-login.php disallow