You’ll find sometime that when you deploy WordPress in order for permalinks to work correctly you need a proper .htaccess file. This .htaccess also affects anything else you place within your web root when WordPress lives.
For instance if you need to password protect a directory within the your webroot where WordPress lives. You’ll find that when you do so, and try to visit that folder in a web browser that a 404 WordPress page will be displayed. To fix this, you simply need to add the following to your main .htaccess file that has your WordPress rules.
ErrorDocument 401 default
This should then allow you to use your password protected directories as you normally would if you didn’t have WordPress installed.
Source: http://www.andrewrollins.com/2008/01/22/wordpress-and-htaccess-password-protected-directories/