To be honest, neither one is going to be better than the other from a security standpoint. From a server load standpoint, it is actually more work for the server if you do this using php than using htaccess.

Personally, I would do it using htaccess, mainly because I can tie it into my firewall. This way, I can block, ban, and restrict people from the firewall level, which is ultimately the best way to prevent people from doing things.