WordPress ActivityPub S2S Media Delivery System Redesign and Improvement Plan: Strategy for Secured Pull Model Adoption #2377

Jiwoon-Kim · 2025-10-27T17:20:37Z

Jiwoon-Kim
Oct 27, 2025

WordPress ActivityPub S2S Media Delivery System Redesign and Improvement Plan: Strategy for Secured Pull Model Adoption

I. Introduction: C2S/S2S Boundary Analysis and Definition of S2S Media Delivery Issues

I.1. Technical Diagnosis of Current ActivityPub Media Federation

The current WordPress ActivityPub plugin federates media based on the traditional server-to-server (S2S) inbox/outbox pattern of ActivityPub.1 When content is published, the logic that transforms WordPress internal attachment Post Types (Transformer) operates,3 including the media in the attachment property of the ActivityStreams object. This Activity is pushed to the inboxes of all subscribed remote servers.

The key issue with this classic Push model is inefficient bandwidth consumption. As soon as an Activity propagates, all subscriber servers that receive the media URL attempt to download the media file and store it in the local cache. This generates large simultaneous outbound traffic (bandwidth spikes) on the origin server immediately after post publication, regardless of whether the content will actually be exposed to users. Furthermore, the origin server fundamentally cannot precisely control the caching policies or content validity period on receiving servers.

I.2. Analysis of S2S Incompatibility of the C2S uploadMedia Endpoint

The uploadMedia endpoint defined by the W3C Social Web Community Group is designed for client-server (C2S) interactions, where clients POST requests to the server to upload media.4 The specification states that clients must submit media files as multipart/form-data messages, and the server must verify that the client is properly authenticated to accept the request.4

This authentication mechanism is generally based on OAuth 2.0 bearer tokens5 or equivalent user authorization.6 That is, uploadMedia assumes explicit authorization delegation for a user account. In contrast, server-to-server (S2S) communication primarily uses HTTP Signatures5 to verify the server's identity and the integrity of activities. Therefore, applying a C2S-only OAuth-based endpoint to an S2S environment without modification violates the ActivityPub protocol layer's role separation and causes a security model conflict. Since there is no user client authorized to upload media files in S2S communication, using C2S uploadMedia for S2S media delivery is technically inappropriate.

From the technical background of the wider Fediverse ecosystem, ActivityPub C2S specifications explicitly lack or insufficiently address essential features for modern social applications, such as media upload, search, and real-time updates.8 As a result, mainstream Fediverse platforms including Mastodon have historically used custom APIs instead of the standard C2S, causing API fragmentation that hinders client development interoperability.8 Considering this, rather than forcibly adopting standard C2S, WordPress proposing a secure and efficient S2S media resource read API as a new Pull model endpoint—addressing a common gap across the Fediverse—can lead standardization and improve Fediverse interoperability.

I.3. Core Proposal: Introduction of WordPress Attachment ID-Based Secured S2S Media Pull Model

The core proposal of this report is to complement the inefficient Push-based media delivery system by establishing a S2S-exclusive media library Pull endpoint (mediaLib) leveraging WordPress's architectural strengths.

This model includes not only the media file URL but also the WordPress internal attachment Post Type ID in the attachment property of the ActivityPub object. Remote servers, upon receiving an Activity, do not download the file immediately; instead, upon a user request, they send an authenticated S2S GET request with this ID to the mediaLib endpoint. This converts media delivery into a Pull-caching model, maximizing bandwidth efficiency and ensuring long-term data integrity using WordPress internal identifiers.

II. ActivityPub Protocol Boundaries and CMS Structure Utilization

II.1. S2S Value of WordPress Attachment Post Type

In WordPress, attachments are one of the core post types, acting as containers for information about the media file itself.10 These posts persistently store metadata such as file name, description, image dimensions, thumbnails, and location in the wp_postmeta table. The internal identifier (Post ID) serves as a unique reference key that remains unchanged throughout the media file’s lifecycle.

ActivityPub objects must use globally unique URIs as identifiers.5 WordPress generates unique permalink URIs based on internal attachment Post IDs (e.g., integer 17894), such as https://travel-in-busan.com/?attachment_id=17894, and uses this URI as the ActivityStreams object id. This complies with ActivityPub standards.

However, when a remote server calls the proposed S2S mediaLib endpoint (/wp-json/activitypub/v1/actor/{user_id}/mediaLib/{attachment_id}) or receives an Update activity to modify a local object,10 the origin WordPress server must determine which local attachment object is requested in the most efficient manner.

Inefficiency of URI parsing: If only complex URIs are provided in the ActivityStreams object, the server must parse the URI string each time (e.g., extract integer 17894 from ?attachment_id=17894) and reverse lookup in the local database to obtain the integer Post ID. This introduces unnecessary processing overhead in large-scale S2S communication.
Direct reference in Pull endpoint: The proposed S2S Pull endpoint is designed to receive the integer attachment_id parameter directly, so explicitly including this integer local ID in a non-standard namespace (e.g., wp:attachmentId) within the ActivityStreams object is the most efficient approach.

Thus, using a non-standard namespace to include local identifiers has strategic value10 for long-term data consistency management and high-performance Pull model lookup (Direct Lookup). It optimizes communication between WordPress environments and reduces processing overhead for metadata updates and media retrieval.

Additionally, WordPress provides a clear template hierarchy for attachment Post Types, allowing single media pages to be displayed in the order of image-jpeg.html, image.html, attachment.html, etc.11 This indicates that the url property of an ActivityPub object can point to a resource including detailed metadata or a web page, not just a binary file link.

II.2. ActivityStreams Standard Media Object Structure and Role of FEP-1311

ActivityPub is based on the ActivityStreams 2.0 data format, but lacks official specifications for media attachment mechanisms, leading to fragmentation within the Fediverse.12 To address this gap, community efforts like FEP-1311 (Fediverse Enhancement Proposal 1311) have been undertaken, documenting current practices and recommending including structural properties such as width and height in media objects.12

The proposed S2S mediaLib endpoint should return ActivityStreams Image, Video, or Document objects that comply with FEP recommendations. This ensures WordPress media objects maintain high interoperability with mainstream Fediverse platforms.

III. Media Delivery Models: Push vs. Pull Comparative Analysis

To fundamentally improve ActivityPub-based S2S media delivery, the limitations of the traditional Push model must be overcome and a Pull model adopted.

III.1. Model A: Limitations of the Traditional Outbox Push Model

The traditional ActivityPub model posts an Activity including media URLs to the inbox of all subscriber servers whenever a new Activity occurs.5 While this guarantees immediate delivery, it contains the following critical inefficiencies:

Bandwidth concentration: Immediately after post publication, the origin server receives simultaneous media download requests from many subscriber servers, causing bandwidth spikes and unnecessary resource consumption.
Unwanted content reception: Receiving servers must receive and store all media regardless of user request, exposing them to storage and bandwidth misuse risks.
Lack of caching control: The origin server cannot strongly enforce media cache lifetimes or validation criteria on receiving servers.

III.2. Model B: Necessity of the S2S Media Library Pull Model

The S2S Pull model converts media delivery into a web-standard caching architecture.

Similarity to CDN architecture: This approach resembles the operation of Pull CDNs (Origin Pull CDN). Rather than the content owner directly uploading (Push) files, the CDN retrieves files from the origin server upon user requests (Cache Miss).13 Pull is simple to configure and transmits content only when actual traffic occurs, increasing efficiency.14

ActivityPub standard compliance and efficiency: ActivityPub specifies respecting HTTP caching mechanisms.5 Push models have lax control over standard caching, but adopting the S2S Pull model allows the origin server to dictate media validity periods and revalidation logic directly via HTTP response headers (e.g., Cache-Control, ETag). This gives the origin server authoritative caching control and maximizes network efficiency. Transitioning to the Pull model is a key step in converting inefficient protocol pushes into a web-standard-based, efficient CDN-like architecture.

The following table summarizes the key functional differences between the two models, supporting the rationale for redesigning the media delivery system.

Functional Comparison of Push vs. Pull Media Delivery in Fediverse

Feature	Traditional Push Model (Outbox POST)	S2S Pull Model (Proposed mediaLib GET)
Information delivery target	Activity (metadata) + media object (URL or Blob)	Activity (metadata and media URL) only
Bandwidth load timing	Immediately after post publication (High spike)	At subscriber server user request (Distributed, ongoing)
Caching control	Receiving server (difficult to control)	Origin server (controlled via HTTP headers)5
Content integrity/freshness	Requires explicit Update Activity on media updates	Easier via HTTP caching and real-time purging14
Major security risks	Storage and bandwidth abuse (unwanted content reception)	DoS attacks and unauthorized access (authentication required)

IV. Proposed Specification: S2S mediaLib Endpoint Design

To implement the S2S Pull model effectively, the WordPress ActivityPub plugin must establish a dedicated S2S mediaLib endpoint prioritizing security and standard compliance.

IV.1. Endpoint Definition and ActivityStreams 2.0 Mapping

The proposed endpoint is

built atop the WordPress REST API layer, providing access to a specific user’s media library.

Endpoint URI structure: /wp-json/activitypub/v1/actor/{user_id}/mediaLib/{attachment_id}
Request method: GET
Response format: JSON-LD content type, HTTP 200 OK.
Response content: Returns the ActivityStreams 2.0 object (e.g., Image, Document, Video) corresponding to {attachment_id}. This object must include the persistent URI (id), url pointing to the actual file location, mediaType, and width and height properties per FEP-1311 recommendations.12

IV.2. Security Implementation Details: Mandatory S2S Authentication via HTTP Signature

The greatest threat in the S2S Pull model is a remote server repeatedly requesting large amounts of media to perform a denial-of-service (DoS) attack on the origin server. Therefore, all GET requests to the S2S mediaLib endpoint must undergo strict server-to-server authentication.

HTTP Signature requirements: ActivityPub specifies the possibility of using HTTP Signatures in S2S communication.5 By enforcing this signature mechanism on GET requests to the S2S mediaLib endpoint, ordinary file requests are transformed into Authorized Media Retrieval protocol interactions.

Authentication and access control process:

Mandatory signature verification: The mediaLib endpoint must verify that all incoming GET requests contain a valid Signature header in the HTTP header. The signature must be verifiable using the remote server’s public key (sec:publicKeyPem).7 Requests without a valid signature must be denied with 403 Forbidden.
Authorization check: Valid signatures alone do not guarantee access. The server must check if the requested {attachment_id} media was previously federated. Further, it must verify whether the Activity containing this media was addressed publicly (to: Public) or explicitly (cc: [requesting server’s inbox]) to the requesting server.5 This access control step is critical for technically implementing the Fediverse’s trust-based security model.15

Applying HTTP Signatures to GET requests ensures media access occurs only within the legitimate Activity context at the protocol level, significantly mitigating DoS attack risks.

IV.3. Inclusion of WordPress-Specific Attributes and Caching Strategy

WordPress ID integration: Non-standard namespaces should be used in ActivityStreams objects to include the WordPress internal attachment ID (e.g., "wp:attachmentId": 1234). This metadata improves data integrity and media management efficiency between WordPress environments.

Use of standard HTTP caching headers: To maximize Pull model efficiency, mediaLib responses must include robust HTTP caching headers.

Cache-Control: Responses should specify the public attribute with the media validity period (e.g., max-age=2592000 for 30 days).
ETag: Include a hash of the file content in the response, allowing receiving servers to perform conditional GET requests (If-None-Match) after cache expiration, reducing unnecessary data transfer and conserving bandwidth.

Active use of these caching headers satisfies W3C ActivityPub specification requirements while optimizing S2S media transmission.5

V. Implementation Roadmap and Future Scalability

Transitioning S2S media delivery to a Pull model requires a gradual approach and should contribute to Fediverse standardization in the long term.

V.1. Phase 1: Transformer Improvement and ID Integration (Immediate Goal)

The first task is establishing the foundation for data consistency. Modify the existing class-attachment.php Transformer logic3 to include the WordPress Post ID in all federated ActivityStreams media objects using a non-standard namespace. This step lays the groundwork for leveraging WordPress internal data as metadata in federated objects before the actual mediaLib endpoint is built.

V.2. Phase 2: Security Enhancement and Initial S2S mediaLib REST Endpoint Implementation (Mid-Term Goal)

The next step is to construct the Pull endpoint with security mechanisms.

Endpoint registration: Register the S2S mediaLib endpoint in the WordPress REST API system and implement logic to return ActivityStreams 2.0 objects.
HTTP Signature integration: Integrate security middleware enforcing signature verification for all GET requests.5 This is essential for preventing DoS attacks and unauthorized access.
Caching mechanism construction: Dynamically generate Cache-Control and ETag headers based on file metadata and include them in responses.

This step enables testing Pull model functionality in a secure environment and validating bandwidth efficiency compared to the Push model.

V.3. Phase 3: Interoperability Enhancement and Advanced Media Feature Integration (Long-Term Goal)

The long-term goal is to maximize the efficiency of the S2S Pull model and drive standardization.

Media Deduplication (Content Addressing): As an advanced feature to improve efficiency in ActivityPub systems, consider adding file hashes to media objects (e.g., digestMultibase property). This allows receiving servers to check if identical content is already cached and avoid redundant downloads, fundamentally reducing network traffic.7

Fediverse Standard Proposal: If WordPress successfully implements and operates the Pull model, demonstrating its efficiency and security, this mediaLib model can be formally proposed as a FEP (Fediverse Enhancement Proposal), guiding the standardization of media Pull mechanisms. This positions WordPress not merely as a follower but as a protocol innovation leader in the Fediverse ecosystem.

VI. Conclusion and Recommendations

The WordPress ActivityPub plugin’s media delivery system must clarify the role separation of C2S and S2S protocols and transition to a Pull model optimized for S2S communication. The traditional Outbox Push model suffers from bandwidth inefficiency and lack of caching control, making it unsuitable for large-scale CMS environments.

Final Recommendations:

Immediate development of S2S mediaLib endpoint: Build a S2S-exclusive Pull endpoint returning ActivityStreams 2.0 objects using WordPress internal attachment IDs.
Enforce HTTP Signature-based security: Mandate HTTP Signature authentication for all mediaLib GET requests and implement access control policies to prevent DoS attacks and unauthorized access.
Actively leverage standard caching mechanisms: Include Cache-Control and ETag headers in mediaLib responses per W3C ActivityPub standards5 to maximize subscriber server caching efficiency.
Internal ID integration: Include WordPress attachment IDs in media object transformations to secure a core reference key for data consistency and media lifecycle management.

This redesign leverages WordPress’s architectural strengths and combines them with ActivityPub’s standardized security model, providing the most efficient, secure, and scalable media federation pathway.

References

ActivityPub – WordPress plugin, accessed October 28, 2025, https://wordpress.org/plugins/activitypub/
Engage a Wider Audience With ActivityPub on WordPress.com, accessed October 28, 2025, https://wordpress.com/blog/2023/10/11/activitypub/
Accessed January 1, 1970, https://github.com/Automattic/wordpress-activitypub/blob/trunk/includes/transformer/class-attachment.php
SocialCG/ActivityPub/MediaUpload - W3C Wiki, accessed October 28, 2025, https://www.w3.org/wiki/SocialCG/ActivityPub/MediaUpload
ActivityPub - W3C, accessed October 28, 2025, https://www.w3.org/TR/activitypub/
OAuth2 Authentication - Secure API Access - WordPress.com Developer Resources, accessed October 28, 2025, https://developer.wordpress.com/docs/api/oauth2/
ActivityPub - Mastodon documentation, accessed October 28, 2025, https://docs.joinmastodon.org/spec/activitypub/
ActivityPub Client API: A Way Forward - Steve Bate, accessed October 28, 2025, https://www.stevebate.net/activitypub-client-api-a-way-forward/
As far as I understand, most (all?) fediverse #ActivityPub software does not use the Client-to-server protocol from the specs (https://www.w3.org/TR/activitypub/#client-to-server-interactions) but rather use custom APIs instead. | NodeBB Community, accessed October 28, 2025, https://community.nodebb.org/topic/8fe7ceab-e097-4326-902e-3a282ac89c68/as-far-as-i-understand-most-all-fediverse-activitypub-software-does-not-use-the-client-to-server-protocol-from-the-specs-https-www.w3.org-tr-activitypub-client-to-server-interactions-but-rather-use-custom-apis-instead./21?page=4
Post Types – Theme Handbook | Developer.WordPress.org, accessed October 28, 2025, https://developer.wordpress.org/themes/classic-themes/basics/post-types/#attachment
Template Hierarchy – Theme Handbook | Developer.WordPress.org, accessed October 28, 2025, https://developer.wordpress.org/themes/templates/template-hierarchy/#attachment-media-hierarchy
FEP-1311: Media Attachments - Fediverse Enhancement Proposals - SocialHub, accessed October 28, 2025, https://socialhub.activitypub.rocks/t/fep-1311-media-attachments/4796
Pull CDN vs. Push CDN - System Design - GeeksforGeeks, accessed October 28, 2025, https://www.geeksforgeeks.org/system-design/pull-cdn-vs-push-cdn/
Push or Pull? A Detailed Comparison of Caching Methods for Your Company - CacheFly, accessed October 28, 2025, https://www.cachefly.com/news/push-or-pull-a-detailed-comparison-of-caching-methods-for-your-company/
Critique of ActivityPub and Mastodon from a #closedweb prospective : r/fediverse - Reddit, accessed October 28, 2025, https://www.reddit.com/r/fediverse/comments/1djsy9p/critique_of_activitypub_and_mastodon_from_a/

Jiwoon-Kim · 2025-10-27T17:50:18Z

Jiwoon-Kim
Oct 27, 2025
Author

Yes, here is a concrete example code modifying the get_attachment method of class-attachment.php so that the requested 'V.1. Phase 1' plan (Transformer improvement and ID integration) can be applied immediately.

The key change is adding the unique WordPress attachment ID ($this->item->ID) as a non-standard property (here named wordpressId) to the $attachment array that generates the ActivityStreams media object.

File to Modify: `includes/transformer/class-attachment.php`

Below is a complete example of the modified get_attachment method within the Attachment class in the includes/transformer/class-attachment.php file. Replace the existing code with this content.

<?php
/**
 * Attachment Transformer Class file.
 *
 * @package Activitypub
 */

namespace Activitypub\Transformer;

/**
 * WordPress Attachment Transformer.
 *
 * The Attachment Transformer is responsible for transforming a WP_Post object into different other
 * Object-Types.
 *
 * Currently supported are:
 *
 * - Activitypub\Activity\Base_Object
 */
class Attachment extends Post {
	/**
	 * Generates all Media Attachments for a Post.
	 *
	 * @return array The Attachments.
	 */
	protected function get_attachment() {
		$mime_type       = \get_post_mime_type( $this->item->ID );
		$mime_type_parts = \explode( '/', $mime_type );
		$type            = '';

		switch ( $mime_type_parts[0] ) {
			case 'audio':
				$type = 'Audio';
				break;
			case 'video':
				$type = 'Video';
				break;
			case 'image':
				$type = 'Image';
				break;
		}

		$attachment = array(
			'type'         => $type,
			'url'          => \wp_get_attachment_url( $this->item->ID ),
			'mediaType'    => $mime_type,
			/**
			 * V.1: Ensure data consistency for S2S Pull model
			 * * Include the original WordPress post ID (attachment ID) in the federated media object.
			 * This serves as a foundation for connecting federated objects with internal WordPress data
			 * when implementing the S2S Pull model such as mediaLib endpoint in the future.
			 */
			'wordpressId'  => $this->item->ID,
		);

		$alt = \get_post_meta( $this->item->ID, '_wp_attachment_image_alt', true );
		if ( $alt ) {
			$attachment['name'] = $alt;
		}

		return $attachment;
	}

	/**
	 * Returns the ActivityStreams 2.0 Object-Type for a Post based on the
	 * settings and the Post-Type.
	 *
	 * @see https://www.w3.org/TR/activitystreams-vocabulary/#activity-types
	 *
	 * @return string The Object-Type.
	 */
	protected function get_type() {
		return 'Note';
	}
}

Explanation of Key Changes

Added Code:
```
'wordpressId'  => $this->item->ID,
```
This single line was added inside the $attachment array definition.
wordpressId:
The requested "non-standard namespace" property name. This name can be freely changed according to plugin standards or team discussion to wp:sourceId, _wpId, sourceId, etc. wordpressId is an intuitive example.
$this->item->ID:
The unique WordPress post ID of the WP_Post object (i.e., the attachment) currently processed by the Attachment transformer.

Expected Result After Application (Example of ActivityStreams Object)

After applying this code, the attachment (media object) included in the Note type Activity object generated by WordPress will have the following format.

For example, if an image has ID 42 and an alt tag "Beautiful Sunset Photo":

{
  "@context": "https://www.w3.org/ns/activitystreams",
  "type": "Note",
  "id": "https://example.com/wp-json/activitypub/1.0/object/123",
  "content": "This is a new post.",
  "attributedTo": "https://example.com/author/admin/",
  "attachment": [
    {
      "type": "Image",
      "url": "https://example.com/wp-content/uploads/2025/10/sunset.jpg",
      "mediaType": "image/jpeg",
      "name": "Beautiful Sunset Photo",
      "wordpressId": 42
    }
  ]
  // ... (other properties)
}

Now, all federated media objects explicitly include their original WordPress ID ("wordpressId": 42). This provides an important foundation for long-term data consistency and future feature expansion, even if the S2S Pull endpoint is not implemented immediately.

1 reply

Jiwoon-Kim Oct 27, 2025
Author

The entire example code modified by adding the standard id property to the previous code.

File to Modify: `includes/transformer/class-attachment.php`

Modify the get_attachment method as follows.

<?php
/**
 * Attachment Transformer Class file.
 *
 * @package Activitypub
 */

namespace Activitypub\Transformer;

/**
 * WordPress Attachment Transformer.
 *
 * The Attachment Transformer is responsible for transforming a WP_Post object into different other
 * Object-Types.
 *
 * Currently supported are:
 *
 * - Activitypub\Activity\Base_Object
 */
class Attachment extends Post {
	/**
	 * Generates all Media Attachments for a Post.
	 *
	 * @return array The Attachments.
	 */
	protected function get_attachment() {
		$mime_type       = \get_post_mime_type( $this->item->ID );
		$mime_type_parts = \explode( '/', $mime_type );
		$type            = '';

		switch ( $mime_type_parts[0] ) {
			case 'audio':
				$type = 'Audio';
				break;
			case 'video':
				$type = 'Video';
				break;
			case 'image':
				$type = 'Image';
				break;
		}

		$attachment = array(
			/**
			 * [Added] V.1: Add ActivityStreams standard 'id' property
			 * Use WordPress’s get_permalink() function to use the unique URL (permalink)
			 * of the attachment as the object’s standard identifier (id).
			 */
			'id'           => \get_permalink( $this->item->ID ),

			'type'         => $type,
			'url'          => \wp_get_attachment_url( $this->item->ID ), // Actual file address
			'mediaType'    => $mime_type,

			/**
			 * V.1: Ensure data consistency for S2S Pull model (non-standard property)
			 * Include the original WordPress post ID (attachment ID) in the federated media object.
			 * This provides the foundation for connecting internal data when implementing
			 * the S2S Pull model in the future.
			 */
			'wordpressId'  => $this->item->ID,
		);

		$alt = \get_post_meta( $this->item->ID, '_wp_attachment_image_alt', true );
		if ( $alt ) {
			$attachment['name'] = $alt;
		}

		return $attachment;
	}

	/**
	 * Returns the ActivityStreams 2.0 Object-Type for a Post based on the
	 * settings and the Post-Type.
	 *
	 * @see https://www.w3.org/TR/activitystreams-vocabulary/#activity-types
	 *
	 * @return string The Object-Type.
	 */
	protected function get_type() {
		return 'Note';
	}
}

Explanation of Key Changes

Added Code:

'id'           => \get_permalink( $this->item->ID ),

Added at the top of the $attachment array.

id (standard property):
In the ActivityStreams specification, id is a URI (address) that uniquely identifies the object.
The WordPress get_permalink() function returns the unique address of the corresponding post (attachment), so it is most suitable for this property.
url (standard property):
While id is the identifying address of the object itself (web page address),
url represents the actual address of the media file (e.g., .jpg file link).
The existing code already uses wp_get_attachment_url() properly for this purpose.

Expected Result After Application (Example of ActivityStreams Object)

Now both id and wordpressId are included, complying with the standard while clearly linking to the internal WordPress data (ID 42).

{
  "@context": "https://www.w3.org/ns/activitystreams",
  "type": "Note",
  // ... (Note object properties) ...
  "attachment": [
    {
      "type": "Image",
      // (Standard) Object identifier (e.g., https://travel-in-busan.com/?attachment_id=42)
      "id": "https://example.com/wp-json/activitypub/1.0/object/42", 
      
      // (Standard) Actual media file address
      "url": "https://example.com/wp-content/uploads/2025/10/sunset.jpg", 
      
      "mediaType": "image/jpeg",
      "name": "Beautiful Sunset Photo",
      
      // (Non-standard) WordPress internal ID
      "wordpressId": 42 
    }
  ]
  // ... (Other properties)
}

(Note: The value returned by get_permalink($this->item->ID) may be in the form of ?attachment_id=42 or a REST API-style address such as .../activitypub/1.0/object/42, depending on WordPress settings. Either way, using this function is the standard method.)

Jiwoon-Kim · 2025-10-27T17:56:54Z

Jiwoon-Kim
Oct 27, 2025
Author

Yes, as requested, I have modified the code so that the url property of the Image type attachment includes an array of multiple image sizes (small, medium, large, etc.) generated by the WordPress Media Library.

This modification complies with the ActivityStreams standard.

For non-image (Image) types (Audio, Video): The url property continues to use the original file URL string as before.
For image (Image) types: The url property uses an array of Link objects. Each Link object specifies the URL, width, height, and media type of all available image sizes, including ‘full’ (original), ‘medium’, ‘large’, etc.

File to Modify: `includes/transformer/class-attachment.php`

Replace the get_attachment method with the following complete code.

<?php
/**
 * Attachment Transformer Class file.
 *
 * @package Activitypub
 */

namespace Activitypub\Transformer;

/**
 * WordPress Attachment Transformer.
 *
 * The Attachment Transformer is responsible for transforming a WP_Post object into different other
 * Object-Types.
 *
 * Currently supported are:
 *
 * - Activitypub\Activity\Base_Object
 */
class Attachment extends Post {
	/**
	 * Generates all Media Attachments for a Post.
	 *
	 * @return array The Attachments.
	 */
	protected function get_attachment() {
		$item_id         = $this->item->ID;
		$mime_type       = \get_post_mime_type( $item_id );
		$mime_type_parts = \explode( '/', $mime_type );
		$type            = '';

		switch ( $mime_type_parts[0] ) {
			case 'audio':
				$type = 'Audio';
				break;
			case 'video':
				$type = 'Video';
				break;
			case 'image':
				$type = 'Image';
				break;
		}

		// [New] If 'Image' type, generate an array of URLs for all sizes
		$attachment_url_property = \wp_get_attachment_url( $item_id ); // Default value (for Audio, Video, etc.)

		if ( 'Image' === $type ) {
			$metadata = \wp_get_attachment_metadata( $item_id );

			// If metadata exists and contains multiple size information
			if ( $metadata && ! empty( $metadata['sizes'] ) ) {
				$url_links = array();

				// 1. Add 'full' (original) size
				$url_links[] = array(
					'type'      => 'Link',
					'href'      => $attachment_url_property, // Original URL
					'mediaType' => $mime_type,
					'width'     => $metadata['width'],
					'height'    => $metadata['height'],
					'name'      => 'full', // (Non-standard) name for identification
				);

				// 2. Add intermediate sizes such as 'small', 'medium', 'large', etc.
				foreach ( $metadata['sizes'] as $size_name => $size_info ) {
					// Get [url, width, height] information for the size
					$image_src = \wp_get_attachment_image_src( $item_id, $size_name );

					if ( $image_src ) {
						$url_links[] = array(
							'type'      => 'Link',
							'href'      => $image_src[0],
							'mediaType' => $size_info['mime-type'],
							'width'     => $image_src[1], // Same as $size_info['width']
							'height'    => $image_src[2], // Same as $size_info['height']
							'name'      => $size_name, // (Non-standard) name for identification (e.g. 'medium')
						);
					}
				}

				$attachment_url_property = $url_links; // Replace 'url' property with Link object array
			}
		}

		$attachment = array(
			// [Modified] 'id' property: unique permalink of the attachment
			'id'           => \get_permalink( $item_id ),
			'type'         => $type,
			
			// [Modified] 'url' property: Link array for images, or original URL string for others
			'url'          => $attachment_url_property,
			
			'mediaType'    => $mime_type, // (Note) For images, this is the original MIME type

			// [Modified] 'wordpressId' (non-standard): original ID for S2S Pull
			'wordpressId'  => $item_id,
		);

		$alt = \get_post_meta( $item_id, '_wp_attachment_image_alt', true );
		if ( $alt ) {
			$attachment['name'] = $alt;
		}

		return $attachment;
	}

	/**
	 * Returns the ActivityStreams 2.0 Object-Type for a Post based on the
	 * settings and the Post-Type.
	 *
	 * @see https://www.w3.org/TR/activitystreams-vocabulary/#activity-types
	 *
	 * @return string The Object-Type.
	 */
	protected function get_type() {
		return 'Note';
	}
}

Explanation of Key Changes

$attachment_url_property variable:
- Stores the final value to be assigned to the url property.
- The default value is the original file URL string obtained through wp_get_attachment_url() (used for Audio, Video, etc.).
if ( 'Image' === $type ) condition:
- Executes the special logic only when the attachment type is Image.
- Retrieves all image size information through wp_get_attachment_metadata().
Creating the Link object array:
- Initializes the $url_links array.
- Original (full) size: Adds a Link object for the original image as the first element (including href, mediaType, width, height).
- Intermediate sizes (foreach loop): Iterates through $metadata['sizes'] to create Link objects for all registered sizes such as ‘thumbnail’, ‘medium’, and ‘large’, adding them to the array.
- name property (non-standard): Added for convenience so receivers can easily distinguish whether the size is 'medium', 'large', etc.
Final $attachment array:
- Assigns $url_links as the value of the url property if it is an image, otherwise assigns the original URL string (default $attachment_url_property).

Expected Result After Application (Example of ActivityStreams Object)

For an image attachment with ID 42, the url property of the attachment object will be in array form as follows:

{
  "type": "Image",
  "id": "https://example.com/?attachment_id=42",
  "mediaType": "image/jpeg",
  "name": "Beautiful Sunset Photo",
  "wordpressId": 42,
  
  "url": [
    {
      "type": "Link",
      "href": "https://example.com/wp-content/uploads/2025/10/sunset.jpg",
      "mediaType": "image/jpeg",
      "width": 1920,
      "height": 1080,
      "name": "full"
    },
    {
      "type": "Link",
      "href": "https://example.com/wp-content/uploads/2025/10/sunset-1024x576.jpg",
      "mediaType": "image/jpeg",
      "width": 1024,
      "height": 576,
      "name": "large"
    },
    {
      "type": "Link",
      "href": "https://example.com/wp-content/uploads/2025/10/sunset-300x169.jpg",
      "mediaType": "image/jpeg",
      "width": 300,
      "height": 169,
      "name": "medium"
    },
    {
      "type": "Link",
      "href": "https://example.com/wp-content/uploads/2025/10/sunset-150x150.jpg",
      "mediaType": "image/jpeg",
      "width": 150,
      "height": 150,
      "name": "thumbnail"
    }
    // ... (and so on for all registered sizes)
  ]
}

0 replies

Jiwoon-Kim · 2025-10-29T15:24:23Z

Jiwoon-Kim
Oct 29, 2025
Author

WordPress Zero-Sideload Federated Media Reference (ZFMR) Architecture Report

I. Introduction and Overview of the ZFMR Framework

1.1. The Current Challenge: WordPress Media Handling in the Fediverse Environment

In decentralized social networks, the general method of media exchange relies on copying the binary file itself to the consuming instance and aggressively caching it locally — a process known as sideloading. While this method is simple to implement, it weakens the authority of the original media owner and is inefficient in terms of resource utilization. The core objective of this framework is to evolve WordPress’s native attachment post from a simple local file reference into a globally addressable, fully functional ActivityStreams 2 (AS2) object.

The current ActivityPub plugin implementations for WordPress mainly focus on integrating standard blog posts (AS2 Note objects) and related comments.¹ To enable independent and direct commenting functionality on media items — for example, images — the corresponding attachment posts must be formalized as independent AS2 entities. This architectural requirement arises from the fact that the core ActivityPub specification does not define media handling in detail, which has led to the emergence of Federation Enhancement Proposals (FEPs) such as FEP-1311, aiming to document and standardize currently used methods and best practices.²

1.2. Overview of the ZFMR Architecture

The proposed Zero-Sideload Federated Media Reference (ZFMR) architecture consists of three interdependent core components designed to achieve maximum efficiency and protocol compliance:

Object Identifier Promotion: WordPress attachment posts (or their derivative CPTs) must be assigned stable, canonical, and dereferenceable AS2 id URIs. This designation is essential to treat media as a first-class object capable of receiving independent social interactions (e.g., comments).
Dual-Layer Persistence: Create a specialized local data structure — the Federated Media Object (FMO) — which stores metadata (e.g., original AS2 ID, URL, and size information) of remote media but does not store the related binary file (zero-sideload). This separation of metadata and binary data is decisive for achieving resource optimization.
Filter Injection: The WordPress ActivityPub serialization process must be strategically intercepted using the activitypub_attachment_ids filter.³ This ensures that when a local post is federated, the attachments field of the post refers not to local identifiers, but to the original authoritative remote AS2 URIs — preserving the integrity of the remote references.

1.3. Key Implications and High-Level Impact

Adopting a zero-sideload approach represents a significant architectural policy decision. By not caching binary files locally, the instance establishes a trust model that depends entirely on the persistence and availability of the remote host for content delivery. While this optimizes local resource usage, it introduces the drawback of increased external dependency risks.

For a media item to be commentable, it must be constituted as an independent Object owned by an Actor (the original author or blog instance) and possess its own inbox, separate from that of the parent Note object. This means that the lifecycle and interaction graph of the media object must be distinct from those of the parent post that includes it.

II. Protocol Compliance and First-Class Media Objects

This section examines the fundamental requirements derived from AS2 and FEP specifications necessary to validate media objects as independent, commentable entities.

2.1. Mapping WordPress Attachment Posts to Commentable ActivityStreams Objects

To facilitate direct commenting functionality on media, a WordPress attachment post must satisfy the basic AS2 criteria for an independent object. Specifically, all non-transient ActivityStreams Objects must possess an id attribute, a dereferenceable URI.⁴ This ID serves as the universal address of the object, essential for routing interactions within the Fediverse.

The architectural mapping designates the permalink of the WordPress attachment post (CPT entry) as its canonical AS2 ID. The internal WordPress Post ID functions as a persistent database key for tracking this external AS2 identifier. A media object is generally serialized as an AS2 Image type, but it must comply with all standard attributes required for a commentable object — including id, type, attributedTo, to, and the crucial url property that points to the actual binary resource.²

2.2. Deep Analysis of FEP-1311: Addressability Requirements for Media Attachments

FEP-1311 was specifically developed to address deficiencies and implementation gaps regarding media handling in the base ActivityPub specification.² Its core requirement is independent addressability of media attachment objects — meaning that an image possesses its own unique address and lifecycle, distinct from the post (Note) it’s attached to. This structure allows federated platforms like Mastodon or Pixelfed to display images and provide contextual menus that guide users to comment threads specialized for the image itself, separate from the Note thread containing it.

The evolving AS2 specification demands continuous vigilance during implementation. Discussions such as the proposed erratum in Example 79 of AS2, which concerns the placement of attributes like width and height, suggest that they should potentially be nested under the url property.² However, strict adherence to the latest AS2 errata may conflict with existing Fediverse implementations — for example, some analyses indicate that platforms like Mastodon may not yet parse objects structured according to this newly proposed format.² Therefore, the ZFMR architecture must integrate a conditional payload format through a serialization filter, prioritizing strong interoperability with major platforms (Mastodon/Pixelfed) over rigid adherence to the most recent structural updates in AS2.

2.3. The Need for a Dedicated Media Collection Endpoint

To allow remote instances to efficiently discover and query media objects published by a given WordPress instance (Objective 2), that instance must expose a dedicated collection endpoint.

ActivityStreams defines the concepts of Collection and OrderedCollection to structure and traverse large object sets.⁴ A new REST endpoint (e.g., registered under /actor/mediaLib/) should be implemented as an OrderedCollection linked from the Actor’s profile.⁵ This endpoint lists all media objects (canonical attachment posts) owned locally. By enabling remote systems to efficiently index authoritative media assets published by the WordPress instance, it facilitates the zero-sideload discovery process. Moreover, the ongoing “ActivityPub Media Upload Report” by the Social Web Community Group outlines the developmental trajectory of media protocol enhancements.⁴ The proposed mediaLib endpoint should be designed to easily integrate any standardized attributes or mechanisms emerging from this enhancement process, extending beyond basic AS2 paging capabilities to improve media indexing and discoverability.

A crucial design consideration arises from the distinction between internal and external identifiers. WordPress uses the same internal identifier (WP_Post ID) for both the metadata and file reference of a media object. During federation, this internal ID must serve either as (a) the AS2 ID for locally owned, commentable content, or (b) a local stub referencing remote content. The ZFMR system thus requires a sophisticated internal lookup mechanism capable of precisely tracking and distinguishing between locally authored media (which generate new AS2 IDs) and federated media objects (FMOs) that store and utilize remote AS2 IDs.

III. Federated Media Object (FMO) Architecture

This section details the mechanisms by which the separation of metadata (object cache) and binary data (file cache) achieves the zero-sideload objective.

3.1. Definition of the Federated Media Object (FMO) Custom Post Type (CPT)

An FMO serves as a local database record managing all metadata associated with remote media references. Its primary role is to persist essential metadata without downloading or storing the associated binary file (zero-sideload).

To manage this complex data cleanly, it is recommended to define a dedicated Custom Post Type (e.g., fmo_object) instead of extending the standard attachment post type via post meta fields. This ensures clear architectural separation. The FMO CPT must store key meta fields that define the remote resource:

Required FMO CPT Metadata Fields

Field Name	Mapping	Purpose in ZFMR
`post_title`	Attachment title	Descriptive title of the remote object.
`fmo_remote_as2_id`	Remote AS2 Object ID	Canonical, dereferenceable URI (used in AP filter).
`fmo_remote_url`	Remote AS2 Object URL	Direct link to the binary file.
`fmo_source_actor`	Remote Object `attributedTo`	Validation of attribution and source.
`fmo_dimensions`	Stored width/height/MIME type	Required for local rendering scaffolding and AS2 serialization.

FMO establishes a dual-layer persistence model that clearly distinguishes between metadata handling and binary data handling:

FMO Dual-Layer Persistence Model

Component	Persistence Target	Caching Policy	WP Storage Mechanism	Justification
Media Object (metadata/stub)	Local (persistent)	Mandatory cache	FMO CPT post meta	Required for local referencing and lookup via `activitypub_attachment_ids` filter (Objectives 2/4).
Media File (binary data)	Remote source	Non-persistent (zero-sideload)	None (filesystem)	Ensures resource optimization and strict adherence to remote URI integrity (Objective 2).

3.2. Implementation Strategy for Zero-Sideloading

To create an FMO, the default WordPress media ingestion process — designed for file transfers — must be actively bypassed. Remote image ingestion normally uses functions such as download_url() and wp_handle_sideload().⁶ For FMOs, these binary sideloading mechanisms must be intercepted and prevented.

Implementation involves registering a custom filter (executed before pre_wp_handle_sideload) or bypassing file-transfer function calls entirely. Instead of transferring the file, an HTTP HEAD request is used to validate the remote URI and gather essential metadata (content type, size, dimensions). This metadata is then used to populate the FMO CPT’s required fields. The system subsequently calls wp_insert_attachment() to create a database record but ensures that the standard WordPress attachment structure (e.g., _wp_attached_file) does not contain any actual file path, thereby enforcing zero-sideload behavior.

Because a standard WordPress attachment post expects a physical file path, potential points of failure arise. Since FMOs are processed in a zero-sideload manner, this file path will be absent or contain a placeholder value. When core WordPress functions attempt to access a file based on the local FMO ID, they will fail. Thus, the ZFMR framework requires extensive filtering (e.g., hooks for wp_get_attachment_url and wp_get_attachment_image_src) to ensure that whenever the local editor or frontend attempts to render or access an FMO, the system dynamically substitutes the expected local file URL with the stored fmo_remote_url.

3.3. Discovery and Indexing of Remote Media Libraries

To allow local authors to select remote media, the WordPress instance must be capable of querying and indexing remote media collections. This discovery involves a federated lookup where the local Actor sends an authenticated request to the remote Actor’s defined mediaLib collection endpoint (detailed in section 2.3).

During this indexing process, the local instance iterates through remote AS2 media objects, extracting their id, url, and dimensional metadata. A local FMO entry is created only if an authoritative fmo_remote_as2_id does not already exist. This conditional persistence mechanism prevents unnecessary duplication and ensures that the local media library efficiently indexes available remote assets that can be selected within the WordPress block editor interface.

Although zero-sideloading is the primary objective, a robust system must account for failure scenarios. If a remote server becomes persistently unavailable, the content integrity for local readers could be jeopardized. The FMO CPT should ideally include a status flag (fmo_status: remote_reference | local_cache_fallback) defining the policy for conditional persistence. This would allow manual or automated fallback to locally cached objects, ensuring that wp_handle_sideload is invoked only as a last resort.

IV. Local Post Federation and Remote URI Integrity Mechanism (Objective 3)

Ensuring that outgoing Activity payloads correctly reference the original remote media object’s URI is the most critical step in achieving zero-sideload compliance.

4.1. Outgoing Activity Control: Attachments Filter

When a local WordPress post is published as an AS2 Note object and federated, associated attachments (local files or FMO stubs) must be serialized into the Note’s attachments array. If a local ID corresponds to an FMO, the default serialization process expecting a local resource must be intercepted.

The core goal is to enforce the user’s requirement that the URI in the federated payload should point to the original remote media object rather than a local cache or stub.

4.2. Utilizing the activitypub_attachment_ids Filter Hook

The activitypub_attachment_ids filter is the official hook in the WordPress ActivityPub plugin flow for modifying the list of media items federated with a post.³ This filter serves as the architectural boundary where internal local IDs are transformed into external federated URIs.

The implementation performs the following essential transformations:

The filter receives the local attachment ID array ($media) associated with the parent post object ($item).
It iterates through these local IDs.
IDs corresponding to standard, locally sideloaded attachments remain unchanged in the array.
Critically: If an ID corresponds to an FMO, the system retrieves the related fmo_remote_as2_id (authoritative remote URI) and replaces the local FMO ID in the array with this remote URI.

This systematic substitution ensures that the ActivityPub serializer treats the referenced item as an external, dereferenceable AS2 object URI, not a local resource. Consequently, the attachments array of the Note object correctly includes the original remote URI, maintaining zero-sideload and source-reference integrity.

Standard AP implementations tend to optimize for faster lookups by internally using local database IDs (CPT IDs) instead of continually relying on remote URIs.⁸ Therefore, the ZFMR architecture must maintain a strict internal/external ID translation layer — that is, FMO ID (internal DB key) ↔ Remote AS2 ID (federated URI). The activitypub_attachment_ids filter represents the explicit and mandatory transformation point for this conversion.

4.3. Secure Dereferencing and Validation of Remote Media Objects

Referencing external remote URIs inherently introduces reliability and security concerns. ActivityPub mandates that receiving servers dereference linked objects to verify their validity and existence, preventing spoofing.⁴

To manage these risks, the FMO architecture must validate remote objects during initial ingestion, potentially storing the signature or hash of the original AS2 object payload. If the remote AS2 object is transient or malformed, the entire federation process must fail for that attachment — making this validation essential. Additionally, the local instance should maintain a trust policy that allows zero-sideload referencing of media only from trusted domains/Actors, enforcing full local sideloading or rejection for untrusted sources.

Finally, when a user chooses to include an FMO in a new post, the WordPress block editor interface must be able to browse indexed FMO CPT entries, allowing selection of federated media directly without local file storage.

Perfect — I’ll now translate only this final section (V–VII) literally, keeping every markdown heading, numbering, punctuation, and line break exactly as in your Korean text.
No summarizing, reordering, or interpretation — only a faithful, structure-preserving English translation.

V. Enabling Direct Media Commenting and Interaction Routing (Goal 1)

For a media object to actually be commentable, the local instance must be able to receive and correctly route inbound Activity streams that target the URI of the FMO.

5.1. Handling inbound Create (Note) activities targeting the media object URI

When an inbound Create activity representing a remote comment arrives in the inbox of the local Actor, the system’s routing logic must inspect the inReplyTo property of the contained Note object.

If the inReplyTo value matches the canonical URI of the local FMO (the attached post ID URL), the activity is routed specifically to that FMO. The comment payload (the remote Note) is then persisted in the WordPress comments table, but the comment_post_ID must be correctly set to the local WP Post ID of the FMO CPT stub. This ensures that the comment is decoupled from the post in which the media is embedded and is directly associated with the metadata record of the media object itself.

5.2. Routing Fediverse interactions to the FMO

All other forms of federated interactions that reference the authoritative URI of an FMO — such as Like and Announce activities — must follow the same mapping logic and be routed to the local WP Post ID of the FMO. This guarantees that engagement specifically targeting the media object, rather than the context in which it appears (as reflected by interaction metrics 9 displayed via tools like the Webmention plugin or Fediverse Reactions block), is accurately represented.

An essential consequence of this architecture is the strict separation of comment threads. When a user comments directly on a media object (FMO), that interaction must remain isolated and must not automatically merge with the thread of the post containing the media. Siloing comments on the dedicated attachment page of the FMO satisfies the core premise of FEP-1311 — object-centric, independently commentable media entities.

5.3. Displaying federated interactions in the WordPress attachment page template

To present these interactions to local users, the default WordPress attachment page template (e.g., attachment.php) must be overridden specifically for FMOs.
The customized template displays the remote image (sourced directly from the stored fmo_remote_url) alongside the standard WordPress comment thread associated with the FMO’s local Post ID.
Because inbound federated comments (Section 5.1) are correctly mapped to this ID, the dedicated attachment page effectively functions as a canonical, aggregated comment thread for the media object within the Fediverse.

VI. Architectural Optimization and Interoperability Constraints

This final section reviews implementation trade-offs, optimization strategies, and key aspects of interoperability.

6.1. Essential refinement proposal: Transient FMO vs. Persistent FMO

Creating a full CPT entry for every remote reference may lead to database bloat when many transient external links are involved.
The architecture should be optimized to distinguish between long-term and short-term reference needs.

The persistence policy for FMO creation must be improved.
A complete FMO CPT entry should only be generated under specific conditions:
(a) when the object is explicitly selected by a local user for long-term tracking or reuse, or
(b) when the remote AS2 object payload explicitly contains properties confirming independent state and commentability (e.g., a replies collection).
Remote media inserted merely as a standard HTML link within content should be treated as a simple external link, without generating an FMO record, to reduce unnecessary database overhead.

This refinement directly relates to ongoing discussions 10 about conditional persistence based on the stability of AS2 IDs.
If a remote media object lacks a stable, non-ephemeral AS2 id (often indicating media treated as transient attachments at its source), it must not be promoted to FMO status, as it cannot fulfill the independent commentability requirement (Goal 1).

6.2. Interoperability analysis: precedents in Fediverse media handling

Efficient federation requires a balance between strict AS2 standard compliance and the nuanced differences of real-world implementations.
Media-centric platforms such as Pixelfed serve as critical benchmarks. 11
Past federation issues observed on Pixelfed instances (e.g., path-listing failures, discovery or follow difficulties) 12 highlight the absolute necessity of a properly configured Actor model and WebFinger setup for a WordPress instance. 8

The architectural design must explicitly account for the risk that platforms such as Mastodon may fail to parse strictly defined, up-to-date AS2 formats correctly. 2
This implies that the WordPress serialization pipeline should remain flexible and implement dynamic serialization depending on the recipient domain.
For example, when the recipient is a Mastodon instance, serialization may adopt a widely accepted but slightly less compliant attachment format, while for Pixelfed, it can employ the structure defined in FEP-1311.

6.3. Advanced security: content delivery policies and trust model

The no-proxy policy shifts the burden of content delivery to remote servers, requiring careful consideration of Content Delivery Networks (CDN) and Cross-Origin Resource Sharing (CORS) policies.
Since both local users and remote federated clients fetch media files through remote URLs, the originating remote server must configure permissive CORS headers.
The ZFMR architecture recommends a robust CDN configuration for remote WP instances hosting media to ensure reliable cross-origin file retrieval.

Furthermore, referencing large quantities of remote media may inadvertently expose source servers to Denial-of-Service (DoS) risks.
The local FMO implementation should integrate protective mechanisms such as rate limiting for initial FMO discovery and periodic metadata checks, preventing the local instance from unintentionally over-consuming the resources of its federation partners.

VII. Conclusion and Step-by-Step Implementation Roadmap

7.1. Summary of the optimized architecture

The ZFMR framework provides a sophisticated and resource-efficient solution for integrating WordPress media into the Fediverse as first-class, commentable AS2 objects.
By strategically leveraging the specialized data structure — the Federated Media Object (FMO) CPT — and targeted protocol hooks such as activitypub_attachment_ids filter, this architecture successfully achieves a delicate balance between Fediverse protocol compliance (FEP-1311) and local resource optimization (no-proxy policy).
It ensures that outbound posts reference authoritative remote URIs, thereby enabling direct and independent interaction routing to the original media source.

7.2. Detailed implementation roadmap

Successful deployment requires a phased approach ensuring that the foundational data model is stable before implementing complex network interactions.

Stage	Title	Key Tasks	Architectural Deliverables
Stage 1	Identifier and discovery foundation	Implement FMO CPT structure and required custom fields (remote AS2 ID, URL, etc.). Register a dedicated mediaLib REST API collection endpoint. 4	FMO CPT schema; REST API endpoint.
Stage 2	No-proxy and ingestion	Implement conditional logic 6 that bypasses `wp_handle_sideload`, creating FMO database stubs without binary data. Implement internal filter (`wp_get_attachment_url`) that maps FMO IDs to remote URLs for local rendering.	ZFMR proxy-bypass logic and read-filter.
Stage 3	Federation integrity and output	Implement `activitypub_attachment_ids` filter 3 to replace local FMO IDs with authoritative remote AS2 URIs in outgoing Activity payloads. Implement conditional serialization logic to maximize interoperability.	AS2 filter hook implementation and interoperability logic.
Stage 4	Interaction and display routing	Implement inbox processing logic that routes inbound Create activities (comments) based on FMO URI matches. Map interactions to FMO IDs. Override WP attachment templates to display remote images with local comment threads.	FMO interaction router and template override.

2 replies

Jiwoon-Kim Oct 31, 2025
Author

Inspired by FileBird, I think that using an S2S Media Library endpoint could make it possible not only to query collections or individual image objects, but even to transfer them in bulk as a compressed archive.

Jiwoon-Kim Nov 2, 2025
Author

https://developer.wordpress.org/news/2024/01/building-dynamic-block-based-attachment-templates-in-themes/

This is a problem when building block themes, especially if you plan to include a custom attachment template. WordPress doesn’t currently have media blocks that let you dynamically attach data to them (like the current attachment’s ID).

Jiwoon-Kim · 2025-11-03T08:40:20Z

Jiwoon-Kim
Nov 3, 2025
Author

Specification Report on the Federated Media Architecture for Integration of WordPress, Pinterest, and Misskey Models

1. Introduction to the Integrated Media Architecture and Definition of Objectives

1.1. Background of Integration: Functional Analysis of WP, Pinterest, and Misskey Models

This integration project aims to combine the flexibility of the WordPress core with the advantages of a decentralized media management system and the ActivityPub protocol, which is the standard for social interaction.
Each source system possesses its own unique characteristics in media management.

WordPress’s basic Attachment Model performs the core function of storing metadata for media files uploaded to the local server.
Internally, this data is managed as an attachment post type, but since folders are organized based on the upload date by default, users find it difficult to logically classify files.
Due to this limitation, plugins such as FileBird and Media Library Plus introduce the concept of Virtual Folders, allowing users to visually organize media through a drag-and-drop interface, thereby improving UI efficiency.2

In contrast, the Pinterest and Misskey Drive Models focus on user ownership and collection organization.
Misskey Drive provides a personal media storage and Media Feed concept directly linked to the user profile, while Pinterest allows users to group local and external media into collections called Boards.

Finally, the ActivityPub Model enables decentralized Activities across all these objects.
This protocol is based on the ActivityStreams 2.0 data format and builds a federated network by transmitting activities such as ‘Create’, ‘Like’, and ‘Follow’ between servers.5
A federation environment built through the WordPress ActivityPub plugin allows local media to be exposed to the federated network and to receive Like activities from external users.5

1.2. System Architecture Overview: WP Core, Custom Layer, ActivityPub Integration

This integrated system utilizes the data management features of the WordPress core while securing scalability through three essential custom layers.

The first, Local Media Segregation Layer, implements user-level isolation for the existing attachment post type.
This includes view restrictions in the admin UI ([7, 8]) and a virtual folder structure through hierarchical taxonomy (9).

The second, Data Modeling & Relationship Layer, defines a remote_media CPT for managing external media objects and a media_board CPT/Taxonomy that groups these objects.
By using the Relationship Field of Advanced Custom Fields (ACF), many-to-many relationships between local and remote objects can be flexibly configured.10

The third, Federation & Persistence Layer, processes and stores ActivityPub activities.
To efficiently handle large-scale federated interactions (such as likes), the system adopts an optimized custom database table strategy instead of relying on core tables.11

1.3. Roadmap for Meeting Key Requirements

The core requirements for system implementation and their technical strategies are as follows:

Requirement	Implementation Strategy	Detailed Technical Approach
User Media Segregation	Attachment query filtering (UI isolation)	Filtering `ajax_query_attachments_args` and handling admin privilege exceptions.8
Virtual Folder Structure	Hierarchical taxonomy-based path definition	`register_taxonomy` with `rewrite` and `hierarchical=true` options.13
Remote Object Modeling	Define `remote_media` CPT	Set `rewrite=false`, `publicly_queryable=false` when calling `register_post_type`.[14]
Stable Permalinks	Custom routing based on user and folder	Use `add_rewrite_rule` to map `author_name` and taxonomy query variables.15
Federated Likes	Use high-performance custom DB table	Build `wp_user_likes` table and integrate with ActivityPub hooks.11

2. Data Modeling: Structural Definition of Local, Remote, and Collection Layers

2.1. Redefining the Local Media Model (attachment Post Type)

WordPress’s default attachment post type stores core metadata of media files, such as the uploader and file path.
To expand this model into a user-based organizational structure similar to Misskey Drive, a hierarchical taxonomy named user_folder_path must be defined.

This taxonomy should be attached to the attachment object using the register_taxonomy() function.9
By setting the hierarchical argument to true, it supports a nested folder structure (e.g., Travel / 2024 / Tokyo).
Such a hierarchical structure becomes the essential foundation for implementing logical URL routing in the format of
/user/{username}/{folder_slug}/, which will be discussed in Section 4.13

When users create folders and move files through an interface similar to FileBird or WP Media Folder, what’s actually happening behind the scenes is that the attachment post is being linked to a corresponding folder term.

2.2. Designing a Custom Post Type (CPT) for Remote Media Objects

To manage and track interactions (e.g., likes) for external media objects referenced from external URIs such as Pinterest Pins or ActivityPub remote objects, a CPT named remote_media must be defined.

The core structure of this CPT is as follows:

post_title: description of the media
post_content: original remote object’s URI
post_author: the local user ID who “referenced” or “saved” the remote object in the system

In addition, meta fields store the original ActivityPub ID (ap_remote_id) and the MIME type of the media.

The routing strategy for this CPT is critical.
Since the canonical ID of these objects is the remote URI itself, WordPress must be prevented from generating its own permalink.
Therefore, when calling register_post_type, both publicly_queryable and rewrite arguments must be set to false to disable automatic URL creation.14

In a decentralized federated network environment, ensuring data persistence is essential.
Since the federation protocol lacks a mechanism to enforce remote deletion of original objects after a given activity,6 users risk broken collections when remote servers go down or remove their media.

To mitigate this, whenever a user “likes” a remote_media object, the system should asynchronously call the media_sideload_image() function to download the image into a local cache folder.17
This cached file is not registered as a full attachment post, but it serves as a fallback thumbnail for users if the original remote image becomes unavailable.

2.3. Defining the Collection/Board Structure

To allow users to group media in a Pinterest-style board, define a CPT called media_board.
This CPT explicitly manages collections associated with each user profile, using the post_author field to indicate ownership.

For flexibility, this media_board CPT should use Advanced Custom Fields (ACF)’s Relationship Field to establish links.19
This relationship field must be configured to select and associate both local attachment CPT items and remote remote_media CPT items.10

Through this, users can combine their locally uploaded media and externally referenced remote objects into a single logical board, effectively integrating multiple sources into one cohesive collection.

3. User-Specific Local Media Management and Access Control

The core requirement of this system is to ensure that users can only manage their own media files, while administrators retain global visibility over all media assets — maintaining both security and manageability.

3.1. User-Centric Media Library Visibility Control (WP Admin UI)

When non-administrator users access the WordPress media library (in both grid and list views), they must be strictly limited to viewing only their own uploaded files.

The key mechanism for implementing this restriction is the ajax_query_attachments_args filter, which manipulates the WP_Query arguments used to load media in the WordPress admin backend.7

In practice, this can be achieved by injecting a conditional query that checks the current user ID.
If the user does not have the administrator capability (via current_user_can('administrator')), the filter sets $query['author'] to the current user’s ID, effectively filtering attachments by ownership.8

This conditional filtering ensures the principle that:

“Non-administrators can organize and manage their own files in user-specific virtual folders, but cannot view others’ uploads.”

This rule applies strictly within the admin UI, ensuring data segregation within the management interface.
Meanwhile, public-facing galleries or front-end media search views remain unrestricted — allowing global browsing of public media without role-based limitations.
Thus, the front-end layer serves as the alternative method for fulfilling the “global visibility” requirement.

3.2. Virtual Folder Structure Implementation and Database Mapping

The previously defined hierarchical taxonomy user_folder_path provides a visual file organization layer.

When a user creates a folder, this request is translated into the creation of a new taxonomy term under user_folder_path.
To manage folder ownership, each term must store the creator’s user ID using Term Meta fields.
This ensures that folders created by User A are not visible in User B’s admin interface, maintaining complete logical isolation.

When a user moves a file into a folder, the operation is processed by linking the attachment post and the folder term through the function wp_set_object_terms(), which updates the relationship in the WordPress database.

3.3. Summary of Media Access Control Logic

Media visibility and access control must be clearly defined on a role-based level.

User Media Visibility and Access Control Logic

User Role	Target Interface	Action	Technical Mechanism	Source
Administrator	WP Media Library (Admin UI)	View all media	No filter applied to `ajax_query_attachments_args`.	8
Author / Contributor	WP Media Library (Admin UI)	View only their own media	Filter `ajax_query_attachments_args` to set `$query['author'] = $user_id`.	8
Any User (Front-end)	Public Media Page	View all public media	`WP_Query` with `post_status = 'inherit'` visibility checks.	21
Any User (Front-end)	User Profile Feed	View own uploads and likes	Composite `WP_Query` joining `attachment`, `remote_media`, and `wp_user_likes`.	N/A

4. Stable Permalink and Routing System Design

Integrating user-based virtual folder structures into URLs and establishing SEO-friendly, shareable, and stable permalinks is essential for the system’s long-term reliability.22

4.1. Default Attachment URL Conflicts and Control

By default, WordPress generates Attachment Pages for attachment post types.
However, these pages are often considered inefficient for SEO because they lack meaningful content.

There are two main strategies to control this behavior:

Disable the default attachment pages and redirect to the file URL itself — using an SEO plugin (e.g., Yoast SEO) or WP-CLI command.24
Instead of disabling the template, reuse it by hooking into the template_include filter to load a custom attachment template.26

The second approach is preferable when aiming to provide a rich media viewer, similar to Misskey Drive.
This custom template can display extended metadata, federation activity counts (likes, shares), and comments — serving as a dedicated media detail view.

4.2. User-Based Virtual Media Folder URL Structure

The desired permalink structure should include both the user ID (or slug) and the taxonomy-based virtual folder path.
A stable and semantic permalink design is as follows:

User media root: /media/u/{username}/
Virtual folder path: /media/u/{username}/{folder_slug}/
Individual media item: /media/u/{username}/{folder_slug}/{media_slug}/

4.3. Implementation of Custom Rewrite Rules

To map these complex hierarchical URLs accurately to WordPress’s internal query system (WP_Query), custom rewrite rules must be defined using add_rewrite_rule().15
These rules should be added during the init action hook, and the permalink structure must be flushed after changes.

Rule 1: User Media Root and Folder Navigation
This rule allows browsing a specific user’s media root or virtual folder.

Regex: ^media/u/([^/]+)/([^/]*)/?$
Mapping: index.php?author_name=$matches[1]&user_folder_path=$matches[2]
$matches[1] represents the user slug, while $matches[2] represents the folder taxonomy term slug, both passed to WP_Query as query variables.13

Rule 2: Individual Media Item Page
This rule loads a specific media item within a virtual folder path.

Regex: ^media/u/([^/]+)/([^/]+)/([^/]+)/?$
Mapping: index.php?post_type=attachment&name=$matches[3]
The rule ultimately loads the attachment post based on its slug but includes user and folder context in the URL for better SEO and structural clarity.29

All custom media rewrite rules must be registered with the ‘top’ priority in the add_rewrite_rule() function (third argument set to 'top').15
This ensures that these rules take precedence over WordPress’s default post and page routing logic — preventing potential 404 conflicts.30

4.4. Preventing URL Conflicts and Managing Priorities

When introducing complex CPT and taxonomy-based URL structures, preventing conflicts is vital for maintaining system stability.

The most effective approach is to:

Set has_archive => false for CPTs like remote_media to disable archive pages.31
Set rewrite => [ 'with_front' => false ] to avoid default slug prefixes (e.g., {post_type_slug}/) being appended to URLs.16
Register all custom rules with 'top' priority to ensure they precede WordPress core routing.30

This layered routing design guarantees predictable, non-conflicting, and SEO-friendly URL resolution for both local and remote media resources.

5. ActivityPub Integration: Handling Likes and Collection Synchronization

ActivityPub-based federated interactions must ensure that users can perform “Like” actions on both local media (attachments) and external ActivityPub objects (remote_media), while maintaining these within unified collections.

5.1. Interpretation and Reception of ActivityPub 'Like' Objects

In ActivityPub, a “Like” activity is a structured message in the ActivityStreams format, transmitted between federated servers through the inbox.6
The system must capture and process incoming activities using action hooks provided by the WordPress ActivityPub plugin, such as activitypub_handled_update.32

Within the Like activity message, the object field contains the URI of the media being liked.
The system parses this URI to determine whether the object is a local resource (attachment or remote_media) or a purely external federated URI, and then routes it to the appropriate handling logic.

5.2. Database Schema for Storing ActivityPub 'Like' Data

Federated networks can generate a high volume of Like activities in a short period of time, and storing them in WordPress’s default wp_postmeta table would lead to severe database bloat and performance degradation.
This is evidenced by how the Activity Log plugin introduces its own custom tables for scalability.11

Therefore, to ensure scalability and query efficiency for large-scale federated activities, a dedicated custom database table, wp_user_likes, should be established.
This table efficiently records which actor_uri (external or local user) liked which object_uri (the canonical URI of the media).
Indexing the object_uri and actor_uri fields is essential to maintain query speed during frequent aggregation operations.

wp_user_likes Custom DB Table Schema (Optimized for Federation Activities)

Field Name	Data Type	Description	Index Status
like_id	BIGINT(20) AUTO_INCREMENT	Primary Key	Primary
actor_uri	VARCHAR(255)	ActivityPub ID of the user who liked the object	Indexed
object_uri	VARCHAR(255)	URI of the liked object (local or remote)	Indexed
local_post_id	BIGINT(20)	ID of the corresponding local attachment or remote_media CPT (if any)	Indexed
created_at	DATETIME	Timestamp of the activity	Indexed

5.3. Building a Collection of User Likes

Users should be able to view a collection of all media they have liked within their profile feed.
Unlike static boards (Section 2.3), this collection is dynamic, generated in real-time from the wp_user_likes table.

The query logic is composite:
Before executing a standard WP_Query, the system first queries the wp_user_likes table to extract a list of local_post_ids corresponding to media the user has liked.
These IDs populate the post__in argument for a subsequent WP_Query, efficiently fetching both local attachments and remote_media CPTs.21
If some liked objects exist only as external URIs without local_post_ids, the system retrieves them via the remote_media CPT using the URI.

5.4. Local Caching and Synchronization of Remote Media Objects

When a user likes an external media object, its metadata must be preserved in the local system’s remote_media CPT.

Upon receiving a Like activity, if no remote_media CPT exists matching the liked object’s URI, the system fetches the remote object’s ActivityStreams definition via the ActivityPub protocol and creates a new remote_media CPT to store its metadata.
Simultaneously, as described in Section 2.2, media_sideload_image() should be called asynchronously to cache the remote image locally.17

Additionally, because remote objects can change, when an ActivityPub “Update” activity is received, the activitypub_handled_update hook32 must be used to immediately refresh the metadata of the corresponding remote_media CPT.
This synchronization mechanism is essential for reflecting changes to federated data within local collections.

6. Implementation of a Misskey-style Profile Media Feed (Composite User Feed)

The goal is to provide a unified, chronologically ordered feed combining a user’s local uploads and liked collections, similar to a Misskey profile’s media feed.

6.1. Template File Structure for Individual User Feeds

By default, WordPress handles user profile pages through author.php, but a custom template is required for media-focused feeds.
Using the template_include filter27, requests to the custom-routed URL /media/u/{username}/ should load a dedicated template file (e.g., archive-user_media.php).

This template utilizes query variables passed from the Rewrite Rule defined in Section 4 to fetch and render the relevant content based on username and folder path.

6.2. Optimizing the Unified Feed Query (Union Query Strategy)

The unified feed must combine two primary data sources — local uploads (attachments) and liked collections (including remote_media) — ordered chronologically.

The most efficient query strategy is as follows:

Extract Local Upload IDs: Query attachment post type IDs for the target user.
Extract Liked Object IDs: Join the wp_user_likes table to obtain IDs of attachments and remote_media liked by the same user.
Execute Final Query: Merge both ID sets, remove duplicates, and execute a single optimized WP_Query using the combined ID list in the post__in argument.
Set post_type to array('attachment', 'remote_media') to include all relevant objects.

6.3. UX/UI Considerations: Gallery and Filtering Integration

The unified feed should display metadata for both attachment and remote_media objects in a consistent gallery layout.
Remote_media items should display cached local thumbnails when available.

To improve navigation, frontend query-variable-based filtering should be supported.
For example, adding ?view=likes to the URL should trigger logic that modifies the WP_Query arguments to show only liked collections.21

7. Conclusion and Recommended Implementation Steps

7.1. Development Priorities by Core Module

To ensure successful integration, development should proceed according to the following phases:

Phase 1: Data Model and Isolation (Foundation):
Define the remote_media CPT and user_folder_path Taxonomy, and make sure to set rewrite=false to control local routing.
Then, implement media library isolation for non-administrator users through the ajax_query_attachments_args filter as the top priority to ensure basic security and user experience.⁸
Phase 2: Permalink and Routing (Access):
Use add_rewrite_rule to define permalink structures by user and folder, and override the default Attachment Page behavior.¹⁵
Phase 3: Federation & Scale:
Build a wp_user_likes Custom Database Table, and integrate ‘Like’ reception and remote_media CPT auto-creation logic using ActivityPub hooks.
In this phase, implement the remote media local caching (sideloading) logic asynchronously to prevent performance issues.¹⁷

7.2. Performance and Scalability Considerations

When data volume increases, the following architectural considerations are essential to maintain system performance:

DB Index Optimization:
Setting appropriate indexes including actor_uri and object_uri in high-frequency access tables such as wp_user_likes is a decisive factor in preventing query latency when processing large amounts of federated data.
Asynchronous Processing:
The media_sideload_image() operation, which handles remote image downloads and local caching, consumes substantial server resources.¹⁸
Therefore, it must be processed asynchronously using systems such as WP Cron or Action Scheduler to avoid negatively impacting user experience.
Enhanced Security:
To ensure strict isolation of local media ownership, consider adopting Access-Controlled Files (as supported in the WordPress VIP environment)³³, or apply technical measures³⁴ such as blocking unauthorized direct file access via .htaccess or Nginx configuration, as done in plugins like Media Library Plus.

The architecture proposed in this report leverages WordPress’s flexible CPT/Taxonomy system to extend the existing local media management structure into a model inspired by Misskey Drive’s user-specific ownership concept and Pinterest’s collection features, while fully integrating distributed social capabilities through ActivityPub federation.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

WordPress ActivityPub S2S Media Delivery System Redesign and Improvement Plan: Strategy for Secured Pull Model Adoption #2377

Uh oh!

{{title}}

Uh oh!

Replies: 4 comments 3 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

WordPress ActivityPub S2S Media Delivery System Redesign and Improvement Plan: Strategy for Secured Pull Model Adoption #2377

Uh oh!

Jiwoon-Kim Oct 27, 2025

I. Introduction: C2S/S2S Boundary Analysis and Definition of S2S Media Delivery Issues

I.1. Technical Diagnosis of Current ActivityPub Media Federation

I.2. Analysis of S2S Incompatibility of the C2S uploadMedia Endpoint

I.3. Core Proposal: Introduction of WordPress Attachment ID-Based Secured S2S Media Pull Model

II. ActivityPub Protocol Boundaries and CMS Structure Utilization

II.1. S2S Value of WordPress Attachment Post Type

II.2. ActivityStreams Standard Media Object Structure and Role of FEP-1311

III. Media Delivery Models: Push vs. Pull Comparative Analysis

III.1. Model A: Limitations of the Traditional Outbox Push Model

III.2. Model B: Necessity of the S2S Media Library Pull Model

IV. Proposed Specification: S2S mediaLib Endpoint Design

IV.1. Endpoint Definition and ActivityStreams 2.0 Mapping

IV.2. Security Implementation Details: Mandatory S2S Authentication via HTTP Signature

IV.3. Inclusion of WordPress-Specific Attributes and Caching Strategy

V. Implementation Roadmap and Future Scalability

V.1. Phase 1: Transformer Improvement and ID Integration (Immediate Goal)

V.2. Phase 2: Security Enhancement and Initial S2S mediaLib REST Endpoint Implementation (Mid-Term Goal)

V.3. Phase 3: Interoperability Enhancement and Advanced Media Feature Integration (Long-Term Goal)

VI. Conclusion and Recommendations

References

Replies: 4 comments · 3 replies

Uh oh!

Jiwoon-Kim Oct 27, 2025 Author

File to Modify: includes/transformer/class-attachment.php

Explanation of Key Changes

Expected Result After Application (Example of ActivityStreams Object)

Uh oh!

Jiwoon-Kim Oct 27, 2025 Author

File to Modify: includes/transformer/class-attachment.php

Explanation of Key Changes

Expected Result After Application (Example of ActivityStreams Object)

Uh oh!

Jiwoon-Kim Oct 27, 2025 Author

File to Modify: includes/transformer/class-attachment.php

Explanation of Key Changes

Expected Result After Application (Example of ActivityStreams Object)

Uh oh!

Jiwoon-Kim Oct 29, 2025 Author

WordPress Zero-Sideload Federated Media Reference (ZFMR) Architecture Report

I. Introduction and Overview of the ZFMR Framework

II. Protocol Compliance and First-Class Media Objects

III. Federated Media Object (FMO) Architecture

IV. Local Post Federation and Remote URI Integrity Mechanism (Objective 3)

V. Enabling Direct Media Commenting and Interaction Routing (Goal 1)

VI. Architectural Optimization and Interoperability Constraints

VII. Conclusion and Step-by-Step Implementation Roadmap

Uh oh!

Jiwoon-Kim Oct 31, 2025 Author

Uh oh!

Uh oh!

Jiwoon-Kim Nov 2, 2025 Author

Uh oh!

Jiwoon-Kim Nov 3, 2025 Author

Specification Report on the Federated Media Architecture for Integration of WordPress, Pinterest, and Misskey Models

1. Introduction to the Integrated Media Architecture and Definition of Objectives

1.1. Background of Integration: Functional Analysis of WP, Pinterest, and Misskey Models

1.2. System Architecture Overview: WP Core, Custom Layer, ActivityPub Integration

1.3. Roadmap for Meeting Key Requirements

2. Data Modeling: Structural Definition of Local, Remote, and Collection Layers

2.1. Redefining the Local Media Model (attachment Post Type)

2.2. Designing a Custom Post Type (CPT) for Remote Media Objects

2.3. Defining the Collection/Board Structure

3. User-Specific Local Media Management and Access Control

3.1. User-Centric Media Library Visibility Control (WP Admin UI)

3.2. Virtual Folder Structure Implementation and Database Mapping

3.3. Summary of Media Access Control Logic

4. Stable Permalink and Routing System Design

4.1. Default Attachment URL Conflicts and Control

4.2. User-Based Virtual Media Folder URL Structure

4.3. Implementation of Custom Rewrite Rules

4.4. Preventing URL Conflicts and Managing Priorities

5. ActivityPub Integration: Handling Likes and Collection Synchronization

5.1. Interpretation and Reception of ActivityPub 'Like' Objects

5.2. Database Schema for Storing ActivityPub 'Like' Data

5.3. Building a Collection of User Likes

5.4. Local Caching and Synchronization of Remote Media Objects

6. Implementation of a Misskey-style Profile Media Feed (Composite User Feed)

Jiwoon-Kim
Oct 27, 2025

Replies: 4 comments 3 replies

Jiwoon-Kim
Oct 27, 2025
Author

File to Modify: `includes/transformer/class-attachment.php`

Jiwoon-Kim Oct 27, 2025
Author

File to Modify: `includes/transformer/class-attachment.php`

Jiwoon-Kim
Oct 27, 2025
Author

File to Modify: `includes/transformer/class-attachment.php`

Jiwoon-Kim
Oct 29, 2025
Author

Jiwoon-Kim Oct 31, 2025
Author

Jiwoon-Kim Nov 2, 2025
Author

Jiwoon-Kim
Nov 3, 2025
Author