Yesterday I password protected my wp-admin folder and cheered enthusiastically when the familiar password dialog appeared after I clicked on "Site Admin".

Today, instead of a password request, I was greeted with "Page Not Found".

Checking the webserver showed that the wp-admin folder hadn't been kidnapped, yet my browser was telling me otherwise. So what is going on here?

An hour of toiling over a hot google revealed the answer. It seems that attempting to enter the wp-admin folder when it has particularbeen protected by a .htpassword file generates a 401 Unauthorised request, followed by the webserver serving an error document which apparently doesn't exist, leading to a big, fat "404 Page Not Found" and no login prompt. Nice, huh?

The solution was to create an error document in the root of my website and point the webserver at it using the ErrorDocument directive in the .htaccess file. In my case, I created an empty file called "error.html" in the root of my blog sub-domain and then added the following lines to the .htaccess file in the wp-admin folder.

ErrorDocument 401 myerror.html
ErrorDocument 403 myerror.html

It's all so easy if you know the secret handshake.