If you have a directory protected by a password using HTTP Basic Authentication (set up in cpanel for instance) you will get 404 errors due to the way the WordPress permalinks works.
The solution is to add this to the top of your .htaccess file in the site root:
#prevent 404s when accessing password protected directories
ErrorDocument 401 ./error.html
ErrorDocument 403 ./error.html
You dont need to upload a valid error.html file
Full explanation here: