Should I use .htaccess or the NukeSentinel™ database or both to block IP addresses?

Actually, the database is used by default. If your server runs Apache AND you choose to set the configuration such that your .htaccess path is defined AND you set the configuration for one or more blockers to use .htaccess, it will add blocked IPs to both your database and the .htaccess file.

Since your server (again, assuming you have Apache) checks the .htaccess file BEFORE allowing access to your website, you can prevent access from specified IPs at the server level. If you do not block at the server level via .htaccess, NukeSentinel™ will look at the database to determine which will be blocked.

If you have a high volume site, you might prefer to use the .htaccess since that method will require less effort than having PHP-Nuke via NukeSentinel™ check the database.

One disadvantage of using the htaccess is that it adds another layer of complexity to what NukeSentinel™ does. If NukeSentinel™ doesn't correctly update the .htaccess file, it could cause server errors and prevent all access to your site. I experienced this when manually adding blocked IPs, but I simply edited the .htaccess file and removed the bad characters to correct.

If you don't have a high volume site or you don't feel comfortable editing the .htaccess file (it's pretty straightforward, I think, and you most likely won't need to do so), I'd suggest just using the database (i.e. let NukeSentinel™ do the work).

This Q&A was found on: http://freesoftwarereviews.org/modules.php?name=FAQ&file=index&myfaq=yes&id_cat=1