Same thing, I get locked out and I have to restore the .htaccess and wp-config files through a server rollback. Here’s the lockout notice:
Access restricted http://blog-en.openalfa.com/how-to-serve-static-content-in-wordpress-from-a-cookiel
It used to just say “Access restricted” but then it started carrying the URL to a post I was reading about creating cookieless subdomains. Why it would do that makes no sense other than BPS is reading/holding on to cookies in some way. BPS is stuck in the past and holding on to nonexistence old information. Also, why does this lockout login popup not take any legitimate user login info?
There is nothing in the error log referencing either the lock-out or blocked/missing images.