Support

Ask your host to disable Apache custom error pages for HTTP status codes 401 and 403. The PHP strict notice is actually irrelevant to your issue.

Why does this happen? When you enable password protection all you're doing is create a .htaccess which tells Apache that the administrator directory is password protected. The next time your browser tries to access a resource in that directory it has to present a valid HTTP Basic Authentication header. If it doesn't, Apache returns an HTTP 401 status which, in turn, instructs the browser to ask you for the username and password (and then store it in its authentication cache for the browsing session).

However, HTTP 401 is an HTTP error status. Apache has a feature called custom error pages. Depending on the HTTP error status returned (4xx and 5xx) you can configure it to return a page with custom HTML content instead of the standard stark error message. This holds true even for the 401 status whose error page is normally NOT shown to the user. The problem is that the configure custom error page does not exist. This causes Apache to change the HTTP status to a 404 Not Found error. This breaks the authentication flow.

If that wasn't bad enough, Joomla is always configured to catch all 404 errors and try to figure out if it should try and serve a page instead. This is required for the correct operation of search engine friendly URLs. Now Joomla sees the 404 error with a URL it cannot understand so it tries to route it through com_content (the articles component). Hard as it may try, it can't find an article category which matches the URL, therefore throws the error you are receiving.

I know that's a crazy sequence of events but you'd surprised at how common it is. In fact, I think I might document it for the next version of Admin Tools.