The Basics

Don't Use .htaccess Unless You Must

You read that right. Don't use it!

You may think I'm crazy. After all, doesn't everybody use the .htaccess file? WordPress and most other CMSs recommend using it. All these developers, SEOs, and generally techie people recommend it. So, why shouldn't you use it?

Trust me when I say that the need to use the .htaccess file is one of the greatest blights ever perpetrated by armatures and lazy developers. The .htaccess file has a use, and we will talk about that at the end of this chapter. However, people use it too often.

Anything you can do with a .htaccess file you can do with the server main configuration file better!

If you have root access to your server, you can make changes in the httpd.conf file for Apache. This is much better than using the .htaccess file.

Why you should not use the .htaccess file.

The reason you should not use the .htaccess file is that it slows down every request. This performance hit is only increased when your server is under high load. Because the .htaccess file modifies the server configuration in a directory, it essentially forces the server to reconfigure when serving from that directory.

That takes time!

The server must execute the .htaccess file to use it. This means that the server will need to use extra RAM, CPU power, and computing time to process a .htaccess file. This means each request that runs through a .htaccess file will take more resources and time.

You may not think this is a huge problem. But, this problem compounds itself when you stack .htaccess files in directories and sub-directories.

let me show you this problem in detail with an example.

Example: .htaccess Server Load

Your website is built with WordPress. Your blog has a few pictures in each post. Let's say your root domain is located in the /public_html directory.

The following images are included in a blog post.

  • /public_html/wp-content/uploads/2017/06/image1.jpg
  • /public_html/wp-content/uploads/2017/06/image2.jpg
  • /public_html/wp-content/uploads/2017/06/image3.jpg

You also have an .htaccess file in /public_html and one in /wp-content.

This means that your server must execute the first .htaccess file. Then it must execute the second one. After that, it looks for a .htaccess file in /uploads, then in /2017, and finally in /06.

Server load caused by two .htaccess files on a server. Results in 3 file system reads and 6 file system stats.

That may not seem too bad. However, let's count things up. The 2 .htaccess files were executed a combined 6 times. The web server looked for .htaccess files 15 times (once for each image in each directory).

Let's add the request for the blog post itself. If the blog post is located at http://www.example.com/blog/2017/06/example-blog-post. The 2 .htaccess files have been executed a total of 10 times and there were 16 looks for .htaccess files. Why not 19 looks? The path to the blog post is not made of actual directories. /blog/2017/06/ is created dynamically by the PHP WordPress runs on. The server does not look for .htaccess files in directories that do not exist.

This means that if there was a single PHP file executed there would be 11 file system reads and 19 file system stats. These are the numbers we really want to pay attention to. They tell us what the server must do.

We need to be honest. No WordPress site has one PHP file and three images needed for each page load. We load lots of image, CSS, and JS files for every page.

For sake of argument let's look at a real WordPress website out in the wild.

Example: On a Real Website

We will look at a page that comes from a very average but very real website. The website is built with WordPress and has a .htaccess file in the site root directory.

Here are all of the file quantities by type served for one blog post.

  • 6 HTML files
  • 5 CSS files
  • 5 JS files
  • 26 image files
  • 104 external files (We will not be counting external files since they are not processed through the local server.)

That is 42 local files. And a total of 146 files.

In this WordPress site the CSS and JS files come from a few locations. Most of the CSS comes from /wp-content/theme/[theme name]/. The JS files come from /wp-content/theme/[theme name]/, /wp-content/plugins/, and /wp-includes/js/. This is a very standard WordPress setup.

Before this page can be rendered for the visitor in needs 42 separate .htaccess executions and 249 separate looks for the .htaccess file.

The poor server has a total of 84 file system reads and 249 file system stats.

Note: If the Apache server had the AllowOverride directive set to none (disabling the use of .htaccess files) it would have 42 file system reads and 42 file system stats.

You can see how adding one .htaccess file increases the server load. If you use several .htaccess files you multiply the server load exponentially.

You are reading this because you care about SEO. Server configuration may not be your forte. However, a server that is receiving extra load from unneeded .htaccess files is a slower server. The time to first byte (TTFB) and total page load time are vital factors in both Google crawl rate and user experience.

Our conclusion then is that you should avoid plaguing your server with extra .htaccess files.

For more information on this problem please refer to the Apache .htaccess documentation, and Like Apache: .htaccess by Nginx.

When should you use .htaccess files?

There is only one good reason to use .htaccess files. The reason is this. You don't have access to the main server configuration file.

This is a common problem. Most shared hosting accounts don't have access to the main server configuration file. Therefore, they need distributed configuration files in each hosting account. The .htaccess file is a distributed configuration file that allows configuration changes only in the directory that it resides in.

If you are using shared hosting you will likely need to use a .htaccess file to make configuration changes to your server.

If you are using a virtual private server or a dedicated server, you should have access to the main server configuration file (usually called httpd.conf). If you do have access to that file, you should make all server configuration changes there. It is much more efficient. It can even be done on a per-directory basis just like the .htaccess file.

The difference is that all per-directory configurations are specified in one configuration file, not a dozen scattered around your server that need to be executed for every request.

If you cannot avoid using .htaccess files, you should follow these rules.

  1. Use only one .htaccess file. (Or as few as possible.)
  2. Place the .htaccess file in the site root directory.
  3. Keep your .htaccess file short and simple.
Daniel Morell

Daniel Morell

I am a fullstack web developer with a passion for clean code, efficient systems, tests, and most importantly making a difference for good. I am a perfectionist. That means I love all the nitty-gritty details.

I live in Wisconsin's Fox Valley with my beautiful wife Emily.

Daniel Morell

I am a fullstack web developer, SEO, and builder of things (mostly digital).

I started with just HTML and CSS, and now I mostly work with Python, PHP, JS, and Golang. The web has a lot of problems both technically and socially. I'm here fighting to make it a better place.

© 2018 Daniel Morell.
+ Daniel + = this website.