Following these steps will avoid the problem of wordpress rewrite engine kicking in and sending 404 messages:
Step 1: Update the .htaccess file to point to the unauthorised login file
Method 1: Include this code at the top of your .htaccess file:
ErrorDocument 401 default
If that doesn’t work, you may need to create the 401 file…
(1) Create an 401.shtml
This can simply have <html></html> as content. It doesn’t need anything… wordpress just needs to be able to see it or it will serve a 404.
(2) Update the .htaccess file
Edit the .htaccess file with this code right at the top. Edit with the appropriate full path to the error.html file.
ErrorDocument 401 /401.shtml
ErrorDocument 403 /401.shtml
Step 3: Update the .htaccess file with info on password protected files / directories
These are useful instructions. Put this code just after the code in step 1, before the wordpress rewrite engine instructions. Edit with the appropriate full path to your htpasswd file.
AuthName “Restricted Area”
Note: If the password dialogue appears but you still get a 404 error after logging in, this means the password file is in the wrong place ie it is NOT located at the file locations indicated in step 3.