Htaccess Site Speed Impact
Does the .htaccess File Slow Site Performance
Bloggers often ask the question “does using .htaccess for security or redirection slow down the site”? The answer should perhaps not be a simple yes or no. Some hosts recommend .htaccess should not be too large (not have a lot of rules) as it has a bad impact on performance. Then again some users have very long lists of rules in their .htaccess files and their sites are still fast enough to satisfy visitors and accepted Google page load speeds.
We need to weigh the benefits of using .htaccess for security, redirection and site configuration against any performance penalties (or advantages). Once we understand how .htaccess works on our blogs we can make the decision how we will this extremely useful file.
How .htaccess Works
Put simply, .htaccess tells your hosting server how to handle requests. The best known function performed by .htaccess for WordPress is using “pretty permalinks” or clean URLS. Every blog using permalink structure other than the default machine name URLS has a .htaccess file. It’s short, just a few lines of text – less than 1KB file size.
Every time the site (server) receives a request the .htaccess is loaded before anything else takes place. This is where the popular claim that site response speed can get knocked comes from. The larger the file, the longer it takes to load. Only after loading this file will the server handle the incoming request, process the instruction, serve files.
What You Can Do with .htaccess
With .htaccess you can take control over several of the ways your site works. We’ve already mentioned URL (permalink) structure but that’s only a small part of this files function.
Error Handling with .htaccess
You can use the .htaccess file to handle several error states. The error most important to bloggers is the 404 “Page Not Found” error. Broken links may harm your SEO efforts, worse the can drive visitors away from your blog. WordPress (and other CMS) have plugins to redirect these broken links to a page of your choice, and some of them work well. Every WordPress site should use one.
These 404 handler plugins usually work with the WordPress database; a request arrives at the server looking for a broken link, the plugin looks up the redirect instruction in the database, tells WordPress where to send the request, the correct page is served.
All this takes time. There are several steps in the process, each one adds to the total time taken to respond. The database is a large file, the more posts, comments and pages, the more plugins installed, the bigger the database. Your database could be 4MB or 40 MB in size, or even bigger.
.htaccess can be a lot faster for redirection. It loads first, there’s no database look-up, so all it does is tell the server which page to serve.
On the other hand, redirection with .htaccess means the redirect rules are loaded every-time a request is received, both for “good” links and broken links, which means loading good links could take a bit longer.
Our normal practice is to redirect the most used 404 errors with .htaccess, and let a plugin handle the less common ones. We also use a plugin to log 404’s. Then we can see which get requested often, and can add the redirect rule to the .htaccess file – the best of both worlds
Security and .htaccess
Website security is something we must all be concerned about. For bloggers using Apache Linux hosting using .htaccess for security is the best way to protect the site. We can deny access completely to bad requests – those looking for vulnerable scripts, bad query string based trawls looking for vulnerabilities, attacks from bad IP addresses, block unwanted and malicious bots.
.htaccess rules let us keep attackers away from the server.
For bloggers on shared Apache hosting, .htaccess is nearly always the only way to take control over your blog security.
This is where the .htaccess file can start getting big. For example, if we have a long list of blocked bad IP addresses, a list of regional blocks stopping access from unwanted regions, the file can grow to 100kB or more. It takes longer to load a 100KB file than to load the basic WordPress .htaccess file of 1KB.
When it comes to security however, we should never compromise. But it’s up to the blogger to decide if security is more important than the fastest possible site performance (and an inevitable hacked website).
How Much Impact Does a Large .htaccess File Really Have?
At least we can answer this question easily – it depends on the hosting server! If you’re hosted an a poorly set-up or overloaded server, it will have a noticeable impact. If your blog uses a decent hosting solution with well configured fast servers with enough resources to handle all the sits hosted, then the impact is negligible – a few milliseconds at most.
Let’s put it this way: Take a typical WordPress blog with a selection of (good) popular plugins, let’s say with 100 posts/pages, the site is properly cached (as ever WordPress site should be), with only a default (WordPress rules) .htaccess file it should serve most pages UNDER 1000 milliseconds most of the time. If the average page speed is longer than that, the server is crap! Move to a better host.
Add a 100kB .htaccess file to a site hosted on a good server. The difference in speed should not be more than 2 or 3 milliseconds! 2, 3 or even 10 milliseconds is not going to break Google ranking for poor site speed or upset visitors (humans cannot even detect such a short period of time).
But if the blog is on a server that takes 3, 4 or 10 seconds to respond, then it may add a lot more. Realistically though, even 100ms is negligible. If the server is slow, the hosting company are a bunch of idiots. Unfortunately there’s a lot of these hosts around. And they are not always the obscure, small almost unknown hosts. Some of the very big names in the industry provide this sort of crappy hosting with as many as 6000 or 7000 sites on a single under-powered server.
Proof of Good Hosting is in the Results
This may sound like an advert for our hosting service (perhaps it is! – but we only provide fully managed hosting at this time).
One of our managed hosting sites’ was recently rated by a VISITOR as one of the FASTEST sites the visitor had come across. Nice to hear such praise. That WordPress site is fast – records show pages are served as fast as 18 milliseconds, and 3 month average is ±260 ms. ON SHARED HOSTING – and no CDN.
Our own Drupal site hosted on the same server has average page load speeds around 680 milliseconds, and best in last 3 months of 237 ms. And we believe we can still improve this – but that’s for another article.
.htaccess Can Make a Site Faster
Nearly everything you’ve heard so far is telling you .htaccess does slow down site performance – even if it’s only a tiny amount. Now we are going to tell you .htaccess can make a site faster, MUCH FASTER.
We are talking about using .htaccess for caching!
WordPress NEEDS caching for performance. The fastest way to cache WordPress (or any other system on most shared hosting) is using .htaccess rules. Using .htaccess to cache WordPress can improve site performance by a second or more. The improvement is most noticeable on poor servers, but even on good hosting it’s possible to gain 500ms – significant speed improvement.
Use .htaccess for redirection, security and caching