PHPackages alleyinteractive/wp-alleyvate - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Utility & Helpers](/categories/utility) 4. / 5. alleyinteractive/wp-alleyvate ActiveWordpress-plugin[Utility & Helpers](/categories/utility) alleyinteractive/wp-alleyvate ============================= Defaults for WordPress sites by Alley. v3.9.1(6mo ago)3434.2k—0.9%2[19 issues](https://github.com/alleyinteractive/wp-alleyvate/issues)GPL-2.0-or-laterPHPPHP ^8.2CI failing Since Mar 28Pushed 4mo ago22 watchersCompare [ Source](https://github.com/alleyinteractive/wp-alleyvate)[ Packagist](https://packagist.org/packages/alleyinteractive/wp-alleyvate)[ RSS](/packages/alleyinteractive-wp-alleyvate/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (10)Dependencies (6)Versions (30)Used By (0) Alleyvate ========= [](#alleyvate) Alleyvate contains baseline customizations and functionality for WordPress sites that are essential to delivering a project meeting Alley's standard of quality. Installation ------------ [](#installation) Install the latest version with: ``` composer require alleyinteractive/wp-alleyvate ``` Basic usage ----------- [](#basic-usage) Alleyvate is a collection of distinct features, each of which is enabled by default. Each feature has a handle, and sites can opt out of individual features with the `alleyvate_load_feature` or `alleyvate_load_{$handle}` filters. Features load on the `after_setup_theme` hook, so your filters must be in place before then. ### Disabling Features [](#disabling-features) The intention of this plugin is that all features should be on by default, unless there is a good reason to turn them off. For example most sites will want to have the `disable_comments` feature turned on, unless a site is actually using WordPress comments, in which case it should be turned off. To disable a feature, use the `alleyvate_load_{$feature_name}` filter and return `false`. For example, to tell Alleyvate to *not* disable comments: ``` add_filter( 'alleyvate_load_disable_comments', '__return_false' ); ``` Features -------- [](#features) Each feature's handle is listed below, along with a description of what it does. ### `cache_slow_queries` [](#cache_slow_queries) This feature caches/optimizes slow queries to the database to improve performance. It is enabled by default and currently includes the following slow queries with the relevant filters to disable them: - `alleyvate_cache_months_dropdown`: The dropdown for selecting a month in the post list table. ### `clean_admin_bar` [](#clean_admin_bar) This feature removes selected nodes from the admin bar. ### `disable_apple_news_non_prod_push` [](#disable_apple_news_non_prod_push) This feature disables pushing to Apple News when not on a production environment. This is determined by setting the `WP_ENVIRONMENT_TYPE` environment variable, or the `WP_ENVIRONMENT_TYPE` constant. ### `disable_attachment_routing` [](#disable_attachment_routing) This feature disables WordPress attachment pages entirely from the front end of the site. ### `disable_block_editor_rest_api_preload_paths` [](#disable_block_editor_rest_api_preload_paths) This feature enhances the stability and performance of the block edit screen by disabling the preloading of Synced Patterns (Reusable Blocks). Typically, preloading triggers `the_content` filter for each block, along with additional processing. This can lead to unexpected behavior and performance degradation, especially on sites with hundreds of synced patterns. Notably, an error in a single block can propagate issues across all block edit screens. Disabling preloading makes the system more resilient—less susceptible to cascading failures—thus improving overall admin stability. For technical details on how WP core implements preloading, refer to `wp-admin/edit-form-blocks.php.` ### `disable_comments` [](#disable_comments) This feature disables WordPress comments entirely, including the ability to post, view, edit, list, count, modify settings for, or access URLs that are related to comments completely. The blocks are also removed from the Gutenberg block editor. Some commenting features are still available to logged in users in order to allow the functionality of the block notes feature introduced in WordPress 6.9. ### `disable_custom_fields_meta_box` [](#disable_custom_fields_meta_box) This feature removes the custom fields meta box from the post editor. ### `disable_dashboard_widgets` [](#disable_dashboard_widgets) This feature removes clutter from the dashboard. ### `disable_deep_pagination` [](#disable_deep_pagination) This feature restricts pagination queries to, at most, 100 pages by default. This value is filterable using the `alleyvate_deep_pagination_max_pages` filter, or by passing the `__dangerously_set_max_pages` argument to `WP_Query`. ``` // An example. $query = new WP_Query( [ 'paged' => 102, '__dangerously_set_max_pages' => 150, ] ); ``` ### `disable_file_edit` [](#disable_file_edit) This feature prevents the editing of themes and plugins directly from the admin. Such editing can introduce unexpected and undocumented code changes. ### `disable_pantheon_constant_overrides` [](#disable_pantheon_constant_overrides) This feature prevents Pantheon environments from forcing CLI and Cron runs to use the `WP_HOME` or `WP_SITEURL` constants, which have been shown to force those environments to use an insecure protocol at times. ### `disable_password_change_notification` [](#disable_password_change_notification) This feature disables sending password change notification emails to site admins. ### `disable_site_health_directories` [](#disable_site_health_directories) This feature disables the site health check for information about the WordPress directories and their sizes. ### `disable_sticky_posts` [](#disable_sticky_posts) This feature disables WordPress sticky posts entirely, including the ability to set and query sticky posts. ### `disable_trackbacks` [](#disable_trackbacks) This feature disables WordPress from sending or receiving trackbacks or pingbacks. ### `disable_xmlrpc` [](#disable_xmlrpc) This feature disables XML-RPC (and removes all methods) for all requests made to XML-RPC that come from IPs that are not known Jetpack IPs. ### `force_two_factor_authentication` [](#force_two_factor_authentication) This feature forces users with `edit_posts` permissions to use two factor authentication (2fa) for their accounts. ### `login_nonce` [](#login_nonce) This feature adds a nonce to the login form to prevent CSRF attacks. ### `noindex_password_protected_posts` [](#noindex_password_protected_posts) This feature adds noindex to the robots meta tag content for password-protected posts. ### `prevent_framing` [](#prevent_framing) This feature prevents the site from being framed by other sites by outputting a `X-Frame-Options: SAMEORIGIN` header. The header can be disabled by filtering `alleyvate_prevent_framing_disable` to return true. The value of the header can be filtered using the `alleyvate_prevent_framing_x_frame_options` filter. The feature can also output a `Content-Security-Policy` header instead of `X-Frame-Options` by filtering `alleyvate_prevent_framing_csp` to return true. By default, it will output `Content-Security-Policy: frame-ancestors 'self'`. The value of the header can be filtered using `alleyvate_prevent_framing_csp_frame_ancestors` to filter the allowed frame-ancestors. The entire header can be filtered using `alleyvate_prevent_framing_csp_header`. ### `redirect_guess_shortcircuit` [](#redirect_guess_shortcircuit) This feature stops WordPress from attempting to guess a redirect URL for a 404 request. The underlying behavior of `redirect_guess_404_permalink()` often confuses clients, and its database queries are non-performant on larger sites. ### `remove_shortlink` [](#remove_shortlink) This feature removes the shortlink from the head of the site. By default, WordPress adds a shortlink to the head of the site, which is not used by most sites. ### `user_enumeration_restrictions` [](#user_enumeration_restrictions) This feature requires users to be logged in before accessing data about registered users that would otherwise be publicly accessible. Its handle is `user_enumeration_restrictions`. WordPress core ["doesn't consider usernames or user IDs to be private or secure information"](https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#why-are-disclosures-of-usernames-or-user-ids-not-a-security-issue) and therefore allows users to be listed through some of its APIs. Our clients tend to not want information about the registered users on their sites to be discoverable; such lists can even disclose Alley's relationship with a client. ### `twitter_embeds` [](#twitter_embeds) This feature adds full support for `x.com` URLs for oEmbeds. Out of the box, only `twitter.com` URLs are fully supported in WordPress (the block editor, it should be noted, [replaces x.com with twitter.com](https://github.com/WordPress/gutenberg/blob/a2b6d39d01d023b6c7c48ad6df5002b78a06794d/packages/block-library/src/embed/edit.js#L161-L166)). This feature also adds fallback handling for Twitter's oEmbed API endpoint, which can unpredictably and inexplicably return 404 responses (see [the X Developers Forum for numerous threads on the topic](https://devcommunity.x.com/tag/oembed)). If a 404 is encountered, the response is passed through the `alleyvate_twitter_embeds_404_backstop` filter, along with data about the request and the number of attempts to that endpoint during this pageload. By default, Alleyvate hooks into this filter to provide one additional attempt at getting a successful response from a proxy server, if the ENV variable `TWITTER_OEMBED_BACKSTOP_ENDPOINT` is set. WPVIP offers a fallback proxy server which seems to reliably return a valid response. If one doesn't have a proxy service, one suggestion would be to hook into this filter to enqueue a cron task that makes many (e.g. up to 100) rapid-fire requests to twitter until a successful response comes back. In experimenting with the Twitter oEmbed endpoint, we've found that it both works and fails in spurts, and if we make 100 requests in a loop, we eventually get a 200 response. ### `yoast_performance_enhancements` [](#yoast_performance_enhancements) Adds a feature to improve Yoast SEO and Yoast SEO Premium performance. Disables the Yoast SEO Indexables feature. Disables the Yoast SEO Premium Prominent words feature. About ----- [](#about) ### License [](#license) [GPL-2.0-or-later](https://github.com/alleyinteractive/wp-alleyvate/blob/main/LICENSE) ### Maintainers [](#maintainers) [Alley Interactive](https://github.com/alleyinteractive) ### Health Score 51 — FairBetter than 96% of packages Maintenance62 Regular maintenance activity Popularity39 Limited adoption so far Community23 Small or concentrated contributor base Maturity68 Established project with proven stability Bus Factor3 3 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~42 days Recently: every ~64 days Total 24 Last Release 180d ago Major Versions v1.0.0 → v2.0.02023-04-23 v2.4.0 → v3.0.02024-03-08 PHP version history (3 changes)v1.0.0PHP ^8.0 v3.0.0PHP ^8.1 v3.9.0PHP ^8.2 ### Community Maintainers ![](https://www.gravatar.com/avatar/d2679da8ee30c4d7eae16ffd2271484027b3b27be6d7fb8202d5e4c6d210881d?d=identicon)[alleyinteractive](/maintainers/alleyinteractive) --- Top Contributors [![srtfisher](https://avatars.githubusercontent.com/u/346399?v=4)](https://github.com/srtfisher "srtfisher (131 commits)")[![anubisthejackle](https://avatars.githubusercontent.com/u/1724534?v=4)](https://github.com/anubisthejackle "anubisthejackle (118 commits)")[![vancoder](https://avatars.githubusercontent.com/u/1987246?v=4)](https://github.com/vancoder "vancoder (45 commits)")[![dlh01](https://avatars.githubusercontent.com/u/697432?v=4)](https://github.com/dlh01 "dlh01 (38 commits)")[![kevinfodness](https://avatars.githubusercontent.com/u/2650828?v=4)](https://github.com/kevinfodness "kevinfodness (34 commits)")[![jakewrfoster](https://avatars.githubusercontent.com/u/1018205?v=4)](https://github.com/jakewrfoster "jakewrfoster (29 commits)")[![juliobranha](https://avatars.githubusercontent.com/u/6450969?v=4)](https://github.com/juliobranha "juliobranha (28 commits)")[![mboynes](https://avatars.githubusercontent.com/u/465154?v=4)](https://github.com/mboynes "mboynes (25 commits)")[![mogmarsh](https://avatars.githubusercontent.com/u/11542164?v=4)](https://github.com/mogmarsh "mogmarsh (17 commits)")[![renatonascalves](https://avatars.githubusercontent.com/u/19148962?v=4)](https://github.com/renatonascalves "renatonascalves (17 commits)")[![llflannery](https://avatars.githubusercontent.com/u/6392184?v=4)](https://github.com/llflannery "llflannery (15 commits)")[![mslinnea](https://avatars.githubusercontent.com/u/7308162?v=4)](https://github.com/mslinnea "mslinnea (11 commits)")[![willowCeleste](https://avatars.githubusercontent.com/u/54474119?v=4)](https://github.com/willowCeleste "willowCeleste (7 commits)")[![nikkifurls](https://avatars.githubusercontent.com/u/19735805?v=4)](https://github.com/nikkifurls "nikkifurls (2 commits)") --- Tags wordpresswordpress-plugin ### Embed Badge ![Health badge](/badges/alleyinteractive-wp-alleyvate/health.svg) ``` [![Health](https://phpackages.com/badges/alleyinteractive-wp-alleyvate/health.svg)](https://phpackages.com/packages/alleyinteractive-wp-alleyvate) ``` ### Alternatives [illuminate/session The Illuminate Session package. 9937.4M753](/packages/illuminate-session)[illuminate/cookie The Illuminate Cookie package. 224.3M122](/packages/illuminate-cookie)[codefog/contao-haste haste extension for Contao Open Source CMS 42650.8k139](/packages/codefog-contao-haste)[netgen/content-browser Netgen Content Browser is a Symfony bundle that provides an interface which selects items from any kind of backend and returns the IDs of selected items back to the calling code. 14112.1k8](/packages/netgen-content-browser)[leapt/core-bundle Symfony LeaptCoreBundle 2529.1k4](/packages/leapt-core-bundle)[robole/sulu-ai-translator-bundle Translate any type of content using DeepL 181.3k](/packages/robole-sulu-ai-translator-bundle) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)