When using the .htaccess to add password protection to your site in combination with the .htaccess 301 redirect added by Really Simple Security; this could result in a redirect to URL’s such as: https://example.com/401.shtml.
A simple solution that has been reported to work is to add the following line:
ErrorDocument 401 default
To the top of your .htaccess file. So, the end result looks approximately like this (the error document should come before the password lines):
# Error Document
ErrorDocument 401 default
#password protection
AuthType Basic
AuthName "YOUR AUTH NAME"
AuthUserFile "/path/to/file"
require valid-user
# BEGIN Really Simple Security
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%/$1 [R=301,L]
# END Really Simple Security
Then clear cache and cookies. For more details on this issue, see this forum thread: