Webmasters and server administrators have long valued .htaccess files for a wide range of uses — from access controls to enhance security; to redirects for performance and search engine optimization.
While you may be familiar with these flexible files and their myriad uses, have you ever considered how the order that the directives appear in the file may affect its operation?
By placing the access controls first, you eliminate unwanted user-agents such as spam bots and spiders, from further processing.
When it comes to maximizing performance and security, it’s “first things first.”
Although .htaccess files can perform many functions and accommodate many server configurations, the basic event ordering strategy should be access controls first, followed by external redirects and then ending with internal rewrites. If you are using WordPress, place its .htaccess commands at the very end.
The strategy is simple, conserving precious web server resources and boosting speed. By placing the access controls first, you eliminate unwanted user-agents such as spam bots and spiders, from further processing. This could include error traffic and visitors from regions you cannot monetize, as well as users not logged into a website member’s area.
This saves time, for example, by not wasting resources redirecting non-canonical-domain requests by unwelcome visitors. Likewise, keeping previously rewritten internal server file paths from further external redirects will prevent browsers and search engines from displaying or indexing these incorrect file paths. If you get this wrong, it may eliminate any benefits of using search engine-friendly URLs.
Webmasters can further refine this process by applying specific redirect and rewrite requests before general ones. This means the first requests affect the least number of URLs, while the following requests affect the greatest number of URLs.
Will this care in ordering provide a noticeable performance boost? On high-traffic sites, the answer is likely to be “yes!” Just be sure to backup your .htaccess file before rearranging it.