I just spent a good couple of minutes hitting my head against the wall, trying to figure out why a perfectly good .htaccess file suddenly stopped working.
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /YOUR_PATH/www/.htpasswd
AuthGroupFile /dev/null
require valid-user
After commenting things out it seemed that it was the last line that was causing the problems. However do not be fooled. Careful inspection and a bit of Google searching led me back to the AuthUserFile declaration.
But what could be wrong with it? The file exists on the server. The passwords are properly encrypted. The problem was the "www" folder. Or should I rather say symlink. Changing "www" to the original folder: “public_html” solved the issue.
Moral for today: .htaccess does not like symlink folders when it comes to .htpasswd...