Consistency between Actor icon handling and post image federation

[Jiwoon-Kim]

If the icon property of an [Actor Object](https://www.w3.org/TR/activitypub/#actor-objects) supports ImageObject and arrays, then it could work similarly to Facebook profiles — where each user can leave comments with their profile image attached.

Now that I think about it, it’s quite strange that the avatar (icon) source for a WordPress Actor is Gravatar. That’s an external source — and as far as I know, external sources aren’t supposed to be used in federation for trust and reliability reasons.

If that’s acceptable, then technically there’s no reason why hotlinked images included in a post couldn’t also be federated, right?

Also, I just got curious — when deleting a user in WordPress, there’s an option to reassign all content to another user.
I haven’t tested this, but what happens to the outbox items or Activity objects in that case?

I just wanted to leave a comment here since the recent PRs have been focused on remote actor avatar handling and ActivityPub media processing, and I’ve also been dealing with some account-related database issues on WordPress.com lately.

---

By the way, I just saw this PR: [mastodon/mastodon#36322](mastodon/mastodon#36322).
It seems Mastodon now allows converting a Note into an Article via an Update activity, doesn’t it?

[pfefferle]

It seems Mastodon now allows converting a Note into an Article via an Update activity, doesn’t it?

Mastodon allows Update activities for Articles now. That was not possible before!

[Jiwoon-Kim]

From my understanding, it seems that update activities for Article objects are now supported, and even conversion between Note and Article types has become possible — that’s a great step for interoperability.

Personally, I think Mastodon’s UX is quite accessible and user-friendly, but its internal codebase feels rather spaghetti-like in some of the finer details.

Question: In WordPress, is it currently possible to dynamically switch the object type (e.g., Note ↔ Article) based on the content length or word count?
In WordPress, the conversion between object types can be done dynamically, but is it automatically detected and updated each time?

[pfefferle]

mastodon/mastodon#36318

[Jiwoon-Kim]

@pfefferle
Title: It seems that the article type in WordPress should include an icon property

For example, when displaying the thumbnail column in the WordPress dashboard (https://designbusan.ai.kr/wp-admin/edit.php),
an image like this appears:
https://designbusan.ai.kr/wp-content/uploads/2025/09/passport-1-50x50.webp?crop=1

Additionally, I believe the article object should also include an image property (for the featured image).

---

Here’s an example using my Mastodon profile’s avatar and header image.
On Mastodon, it’s called a header, on Misskey and Lemmy a banner, and on Facebook a cover photo —
but all use the same structure:
the avatar corresponds to the icon property, and the cover photo corresponds to the image property.

"icon": {
  "type": "Image",
  "mediaType": "image/jpeg",
  "url": "https://files.mastodon.social/accounts/avatars/111/256/504/964/424/929/original/bb8761e4f41b929f.jpg"
},
"image": {
  "type": "Image",
  "mediaType": "image/jpeg",
  "url": "https://files.mastodon.social/accounts/headers/111/256/504/964/424/929/original/f1ebc9e851ed5b25.jpg"
}

---

Relevant References from ActivityStreams Vocabulary

https://www.w3.org/TR/activitystreams-vocabulary/#dfn-icon

icon
Notes: Indicates an entity that describes an icon for this object. The image should have an aspect ratio of one (horizontal) to one (vertical) and should be suitable for presentation at a small size.

image
Notes: Indicates an entity that describes an image for this object. Unlike the icon property, there are no aspect ratio or display size limitations assumed.

[Jiwoon-Kim]

Of course, but if inline images are not purely external hotlinks, they would generally be expected to be included in the attachment property.
Therefore, lifting the attachment image limit for Article objects would likely be a prerequisite for proper inline image support.

[pfefferle]

I am not sure I can fully follow here!?

We have attachments for federated posts and there is normally no hotlinking!?

[Jiwoon-Kim]

What do you consider the fundamental purpose of the attachment property?

In my view, it exists primarily to cache metadata for image objects and enable lazy loading of inline images in content via local URLs. Additionally, it helps ensure legal safety through metadata such as content warnings.

In that sense, displaying external source hotlinks directly in content could be allowed. However, the protective mechanisms provided by metadata would not function in this case, which introduces potential risks.

[pfefferle]

What do you consider the fundamental purpose of the attachment property?

To be honest, I think we mainly use it because Mastodon doesn’t support inline images. If inline images had been supported from the start, I’d assume Attachments wouldn’t have become so widely used.

In my view, it exists primarily to cache metadata for image objects and enable lazy loading of inline images in content via local URLs. Additionally, it helps ensure legal safety through metadata such as content warnings.

That might be one possible option, but it’s not practical since no current implementation provides IDs for Attachments.

[Jiwoon-Kim]

I think the mechanism for custom emojis and inline images in the content property is quite similar.
Yes, of course, since content uses HTML elements, inline images should naturally be able to function as-is.

However, custom emojis work by caching the image files listed in the tag array and then parsing the full text of the <p> elements in content to replace text patterns with those images. It’s actually very similar to how WordPress handles smileys.

For example, the emoji :murakamisan_syabaku: on misskey.io/about#emojis has a CW tag, so I initially expected that the emoji-type objects in the JSON-LD tag array might also have a "sensitive": true property — but apparently, that’s not the case.

• https://browser.pub/https://misskey.io/notes/aeiecf2mza2a07mm
• https://browser.pub/https://misskey.io/notes/a63z8dd0qi2o00nx In these examples, the "sensitive": true property appears in the attachment instead.

So I originally assumed that the attachment field would be used to parse <img> tags inside content, replace them as needed, and apply properties such as sensitive.
That’s why I thought inline images wouldn’t necessarily need to be cached locally.

[Jiwoon-Kim]

ActivityPub Remote Actor Data Model and Avatar Caching Architecture Report: WordPress CPT and Asynchronous Synchronization Strategy

I. Architectural Overview of Remote Actor Management

1.1. Need for a Unified Actor Model in WordPress

The core of the ActivityPub protocol is distributed actors. These actors are not limited to WordPress’s default user model in the wp_users table, but encompass various types such as Person, Group, Organization, Application, and Service.1 WordPress’s WP_User structure mainly assumes a "user" who logs in to a local instance and creates posts, so forcibly assigning remote actors without local write permissions to this table introduces structural inefficiencies and security overhead.

Remote actors should be treated as data objects that simply store profile information and interaction endpoints (Inbox, Outbox URI, etc.) in the local database. The official ActivityPub plugin developers have recognized this structural limitation and, in recent updates, adopted a Unified Actor Model using Custom Post Type (CPT) IDs instead of remote user URIs, optimizing Follower tables and other actor-related tables.3 This approach reflects a clear architectural intent to manage all actors (local users and remote actors) internally using a single CPT ID, which is essential for reducing complexity in follow and interaction logic. Implementers should design actor lookup and interaction logic by wrapping local WP_Users as ActivityPub actors and treating remote actors as CPT instances, unifying all objects under a single CPT Post ID.

1.2. Criteria for Storage Choice: Justification for Using Custom Post Types (CPTs)

Deciding whether to use CPTs or dedicated custom database tables (DBTs) for storing remote actors is critical in WordPress development. Considering the characteristics of the remote actor model, leveraging the CPT infrastructure provides significant advantages.

CPTs allow safe data retrieval through the WP_Query class without writing complex, error-prone SQL queries.5 Additionally, the built-in caching infrastructure of WordPress, including object caching, can be automatically leveraged to improve repeated access performance for remote actor data.5 Simply registering the CPT provides a basic UI in the admin dashboard to filter and view actors, enhancing operational efficiency.3

On the other hand, CPTs are bound to the “post” metaphor, including unnecessary fields like post_title and post_date, while complex actor properties (e.g., inbox URL, publicKey) must be stored in the postmeta table.6 Postmeta stores key-value pairs without indexing by default, potentially causing performance degradation for large-scale lookups by actor ID.6 To circumvent these limitations, architectural optimizations are necessary. Normalizing or hashing the unique URI of the ActivityPub actor1 and storing it in the CPT’s indexed post_name (slug) field allows fast lookups without traversing postmeta, a strategy essential for maintaining performance when hundreds of thousands of remote actors accumulate.

II. CPT-Based Remote Actor Data Structure and Schema Definition

A Custom Post Type for storing remote actors should be clearly defined, e.g., ap_actor.3 The core fields and extended metadata (post meta) of this CPT should faithfully reflect the ActivityStreams 2.0 object model.

2.1. CPT Registration and Core Field Mapping Strategy

The key WordPress fields of the ap_actor CPT are used as follows: post_title stores the actor’s display name, post_content stores the actor’s summary, supporting administrative convenience. Most importantly, post_name stores the hashed or normalized Actor URI, enabling fast actor lookups by unique identifier. post_status stores the actor’s current status (e.g., active, suspended) to support admin table filtering.3

2.2. Detailed Actor Metadata (Post Meta) Schema Design

Complex ActivityPub properties of actors are stored in the wp_postmeta table, allowing flexible schema expansion.7

Key meta keys and purposes for storing remote actors are:

Meta Key (Prescribed Example)	Value Type	Purpose and Reference
ap_actor_id	String (URL)	The unique, immutable ActivityPub Actor URI.1
ap_actor_type	String	Actor Type (Person, Group, Application, etc.).1
ap_inbox_url	String (URL)	URL for receiving activities (required for federation).2
ap_outbox_url	String (URL)	URL for actor's published activities.2
ap_avatar_remote_url	String (URL)	Original remote URL of the actor's icon/image. Used for refreshing.9
ap_avatar_attachment_id	Integer	Local Attachment ID of the cached avatar in Media Library. Crucial for local serving.
ap_raw_json	JSON (Serialized)	Full, raw JSON document retrieved from the remote actor.3
ap_last_fetched	Unix Timestamp	Timestamp of the last successful profile retrieval. Used for synchronization checks.

Notably, the ap_raw_json field allows storing the full original JSON-LD from the remote actor.3 ActivityPub can include non-standard extensions beyond ActivityStreams across Fediverse platforms. Saving the entire JSON ensures important data (e.g., new profile endpoints) are retained without schema modification, providing data resilience for future protocol changes.

III. Local Avatar Image Caching Implementation

3.1. Motivation: Performance, Privacy, and Reliability

Caching remote actor avatars in the local WordPress Media Library is not just for performance—it is an essential measure for security and privacy in decentralized networks.

Directly loading avatars from remote URLs (hotlinking) exposes the IP addresses of local users (followers) to the remote server, violating anonymity principles.10 Local caching downloads the images to the WordPress server, acting as a proxy (server IP only exposed), and serves the local media URL to users, protecting privacy.10 Additionally, caching ensures fast image load times regardless of remote server latency,11 and bypasses hotlink protection measures used by some remote instances.12

3.2. Media Library Sideloading Implementation

WordPress provides media_sideload_image() for downloading external images to the local Media Library, handling file download, validation, and registration in a single call.13,14

Caching Workflow:

1. Obtain Remote URL: Extract ap_avatar_remote_url from the actor CPT metadata.
2. Load Dependencies: media_sideload_image() usually requires admin context. For async tasks (WP-Cron), include the necessary files:

require_once( ABSPATH . 'wp-admin/includes/media.php' );  
require_once( ABSPATH . 'wp-admin/includes/file.php' );  
require_once( ABSPATH . 'wp-admin/includes/image.php' );

3. Execute Sideload: Specify return type as 'id' to receive the generated Attachment ID.

$att_id = media_sideload_image( $remote_url, $actor_cpt_id, 'Remote Actor Avatar', 'id' );

4. Handle Result: Check for WP_Error. If successful, store Attachment ID in ap_avatar_attachment_id; on failure, set to 0 or blank and log errors.

Frontend display uses wp_get_attachment_image() on the stored Attachment ID, leveraging WordPress’s image processing and caching pipeline.16

Local Avatar Caching Workflow and Functions

Step	Action	Primary WordPress Function	Rationale
1. Check Existence/Staleness	Determine if refresh is needed and obtain remote URL	get_post_meta( $actor_id, 'ap_avatar_remote_url' )	Avoid unnecessary fetches.
2. Dependency Loading	Load dependencies for media_sideload_image()	require_once(ABSPPATH. 'wp-admin/includes/media.php'), etc.	Ensure functionality outside /wp-admin/ (Cron execution).14
3. Remote Sideloading	Download and register image in Media Library	media_sideload_image( $url, $actor_id, $desc, 'id' )	Privacy (IP masking) and hotlink avoidance.10
4. ID Storage	Store Attachment ID of downloaded image	update_post_meta( $actor_id, 'ap_avatar_attachment_id', $att_id )	Links CPT actor to local media asset.
5. Frontend Display	Display cached avatar	wp_get_attachment_image( $att_id, 'thumbnail' )	Leverages standard WP image processing.16

IV. Synchronization and Refresh Strategy using WP-Cron

Remote actors may update profile info (especially avatars) at any time. Local instances must detect changes and refresh caches. Synchronous processing on user requests is resource-intensive and should be avoided.

4.1. Asynchronous Refresh via WP-Cron

Profile refresh is a background HTTP request task; WP-Cron is standard for scheduling periodic events.17

Use wp_schedule_event with 'hourly' or 'daily' intervals.19 Because WP-Cron requires page visits, low-traffic environments may delay execution. For high-reliability environments, use system cron to periodically execute wp-cron.php.

4.2. Hybrid Synchronization Strategy (Push vs. Polling)

Actor profile refresh should combine ActivityPub Push with Polling:

1. Push-based (Immediate): Receive Update activities in the Inbox. Invalidate cache and fetch updated profile immediately.1
2. Polling (Safety Net): If updates are missed or avatars change outside ActivityPub (e.g., Gravatar), scheduled Cron checks ap_last_fetched and batch-refreshes actors not updated within a set period (e.g., 7 days).9

WP-Cron serves as the fall-back safety net for maintaining data integrity when real-time updates fail.

Synchronization Strategy Matrix

Refresh Trigger	Mechanism	Frequency	Primary Action	Reliability / Note
Profile Change Notification	Incoming Update Activity in Inbox	Real-time (Async)	Immediate actor refresh	High efficiency; depends on remote actor compliance.1
Stale Data Check	WP-Cron Scheduled Event	Daily/Hourly	Batch refresh based on ap_last_fetched	Fall-back safety net.17
User Interaction	Local Admin Action ("Refresh Actor")	On-demand	Immediate refresh	Useful for debugging or force-refresh.3

V. Development and Operational Considerations

5.1. Performance Optimization: Remote Requests

Fetching remote actor profiles can generate multiple HTTP requests:

• Use If-Modified-Since or ETag to avoid downloading unchanged JSON.
• For large Fediverse instances, paginate WP_Query and batch or throttle fetches.13
• Provide WP-CLI commands for manual refresh during low-load periods.3

5.2. Security and Scalability

5.2.1. Signed Requests and Authentication

Secure instances may require outbound GET requests signed with the local actor’s private key.21 Implementations must support signing to ensure successful interaction.

5.2.2. Managing ActivityStreams Object Type Extensions

Current focus is on actor objects. Extended objects (comments, likes, reposts) may require separate CPTs (e.g., ap_activity, ap_note) or DB tables for long-term scalability.22

VII. Conclusion and Recommendations

Using Custom Post Types (CPT) is the optimal approach for reliably storing and managing remote ActivityPub actors in WordPress. CPTs leverage standard APIs, caching infrastructure, and admin UI.

Key recommendations:

1. CPT Use and Identifier Optimization: Store remote actors in ap_actor CPT and save hashed/normalized URI in post_name to avoid postmeta query performance issues.
2. Data Integrity and Flexibility: Store all essential ActivityStreams properties in postmeta and save the original JSON in ap_raw_json for data resilience.
3. Mandatory Avatar Local Caching: Use media_sideload_image() to cache avatars locally, preventing user IP exposure.
4. Hybrid Synchronization: Use push updates from ActivityPub for real-time refreshes and WP-Cron batch polling for older actors. Asynchronous tasks should include batch processing and request signing.

[pfefferle]

Synchronization and Refresh Strategy using WP-Cron

We already have a sync in place, but ActivityPub is a push based protocol. The remote server should send us an Update request any time a remote actor changes something in their profile.

[Jiwoon-Kim]

Conditional Media Handling Architecture: Differentiating Upload Paths and Managing Non-Attached ActivityStreams Objects

This report outlines an architecture for managing remote ActivityPub media (such as actor avatars and icons) within WordPress, specifically addressing the requirements for: 1) separating cached media storage from standard user uploads, and 2) conditionally bypassing the creation of a WordPress Attachment ID for transient media objects that lack an independent ActivityStreams 2.0 (AS2) identity.

I. Semantic Requirements for Media Object Identity

I.A. The Conflict between WP Attachments and AS2 Semantics

In standard WordPress operation, all files uploaded to the server are registered in the Media Library as an attachment Custom Post Type (CPT), assigned a unique database ID, and placed in the default /wp-content/uploads/YYYY/MM/ directory structure.

However, the ActivityPub protocol relies on the ActivityStreams 2.0 data model, where objects can be categorized into two groups based on their identity 1:

1. Independent, Persistent Objects: Objects that possess a globally unique identifier (a URI) in their id property. These are intended to be independently addressable and permanent entities.1
2. Embedded, Transient Objects: Objects (such as an emoji image or an actor's icon property) that intentionally omit the id property. These resources derive their identity from their container (e.g., the parent Activity or Actor) and are typically treated as transient resources or caches of a remote URL.1

Design Conclusion: Imposing a persistent WordPress Attachment ID on an AS2 object that is semantically transient (lacking an id) is inefficient, increases database bloat, and violates the object's original design intent.4 Therefore, the system must implement a conditional persistence strategy based on the AS2 id field.

I.B. Conditional Persistence Strategy Mapping

The presence of the AS2 id property in the incoming JSON payload should determine the storage fate of the media object:

ActivityStreams 2.0 (AS2) Attribute	Semantic Interpretation	Required WordPress Action	Storage Method
Object has an explicit id 1	Independent, globally addressable media object (Persistent).	Full Media Library registration (media_handle_sideload leading to wp_insert_attachment).	WP Attachment ID (Post Type: attachment).
Object explicitly omits id 1	Embedded resource, temporary cache (Transient, Non-Persistent).	File system storage only (wp_insert_attachment must be bypassed).	File URL/Path saved directly to Post Meta of the parent CPT Actor.5

II. Implementing Differentiated File Storage Paths

To physically separate remote actor caches from standard user-uploaded media (which follow the standard /YYYY/MM/ structure), a custom upload directory is required.

II.A. Leveraging the upload_dir Filter

WordPress uses the upload_dir filter to determine the final path for all file uploads.6 To achieve path differentiation (e.g., using a structure like wp-content/uploads/federation-media/), this filter must be temporarily hijacked.

Critical Implementation Requirement (Isolation): The upload_dir filter must not be applied globally, as this would break standard media uploads. It must be conditionally registered only during the execution of ActivityPub-related media fetching routines and immediately removed to prevent contamination of the global upload settings.7

The recommended method for safe, contextual filtering is to use the wp_handle_upload_prefilter hook to add the custom upload_dir filter, perform the file operation, and then remove the filter before the function returns 7:

PHP

// 1. Function to apply the custom path
function ap_custom_upload_dir( $param ) {
// Check post context (e.g., CPT is 'ap_actor') using $_REQUEST['post_id']
if ( is_activitypub_upload_context() ) {
$custom_subdir = '/federation-media';

    // Remove default subdir (e.g., /2024/07) to prevent path duplication   
    $param\['path'\] \= str\_replace( $param\['subdir'\], '', $param\['path'\] );  
    $param\['url'\]  \= str\_replace( $param\['subdir'\], '', $param\['url'\] );  
      
    // Assign new custom subdir  
    $param\['subdir'\] \= $custom\_subdir;  
    $param\['path'\].= $custom\_subdir;  
    $param\['url'\] .= $custom\_subdir;  
}  
return $param;  

}

// 2. Execution Wrapper to ensure filter is temporary
function ap_execute_conditional_sideload( $remote_url, $actor_cpt_id ) {
add_filter( 'upload_dir', 'ap_custom_upload_dir' );

//... File processing logic (Section III)...  
  
remove\_filter( 'upload\_dir', 'ap\_custom\_upload\_dir' );  
// Return final path/URL  

}

III. Bypassing Attachment ID Creation (Database Persistence)

For transient AS2 objects (those without an id), the standard high-level WordPress sideloading function, media_handle_sideload(), is unsuitable because it is programmed to automatically call wp_insert_attachment() and return a database ID.9

The solution requires using low-level WordPress file handling functions that perform the file system work without the database insertion step.10

III.A. Low-Level Caching Workflow

1. Download to Temp Location: Use download_url() to safely fetch the remote media file (e.g., avatar image) and store it in the server's temporary directory.12 This step is critical for masking the requesting user's IP address from the remote host, ensuring user privacy.13
2. Move to Final Location: Use wp_handle_sideload() (the file-handling helper, not the media-handling wrapper) to clean the filename, check its MIME type, and move the file from the temp location to the custom upload path defined by the active upload_dir filter.14 This function returns an array containing the final file path and URL but does not insert an attachment post into the database.10
3. Store Reference in Post Meta: The final, locally cached file URL and path must be stored directly in the parent CPT Actor's post metadata (e.g., ap_avatar_local_url).5 This post meta key becomes the sole link between the CPT actor and the cached image file on the disk.4

Step	Function	Outcome	Database Action
1. Download	download_url() 12	Remote file saved to /tmp/ location.	None
2. Move & Validate	wp_handle_sideload() 10	File moved to wp-content/uploads/federation-media/.	None
3. Reference Save	update_post_meta() 5	ap_actor CPT record stores the image's URL/Path.	Post Meta update (No attachment CPT created)

IV. Garbage Collection and Lifecycle Management

A major consequence of bypassing the WordPress Media Library is that the standard deletion mechanisms for media are disabled. When the parent CPT (the remote actor record) is deleted, the cached files are left as "orphaned files" on the server, causing disk bloat.8

IV.A. Custom Cleanup Handler

To ensure operational integrity, a custom garbage collection routine must be implemented, linked to the lifecycle of the parent CPT post.

1. Hook onto Parent Deletion: The system must utilize the delete_post action hook, which fires immediately before a post (including CPT posts) is permanently deleted from the database.15
2. Retrieve File Path: Within the delete_post handler, check if the deleted post is the relevant CPT (e.g., ap_actor) and use get_post_meta() to retrieve the file path that was previously stored.5
3. Physical File Removal: Use the native PHP function unlink() to physically remove the cached file from the file system, referencing the retrieved path.16

This strategy ensures that the local cache file is removed only when its controlling data object (the CPT actor) is destroyed, maintaining synchronization and resource efficiency.

PHP

// Example: Garbage Collection Hook
add_action( 'delete_post', 'ap_cleanup_cached_media_on_actor_delete', 10, 2 );

function ap_cleanup_cached_media_on_actor_delete( $post_id, $post ) {
// Only target the specific CPT used for remote actors
if ( $post->post_type === 'ap_actor' ) {
// Retrieve the locally stored file path
$file_path = get_post_meta( $post_id, 'ap_avatar_local_path', true );

    if ( $file\_path && file\_exists( $file\_path ) ) {  
        // Attempt to delete the file  
        if ( unlink( $file\_path ) ) {  
            // Log success  
        } else {  
            // Log failure (e.g., permission error)  
        }  
    }  
    // Optionally, check for and delete additional variants/thumbnails  
}  

}

V. Summary of Recommended Implementation

The most robust and efficient approach for managing remote ActivityPub media in WordPress is through a selective, low-level file management pipeline that respects AS2 semantics:

1. Semantic Check: Always inspect the incoming AS2 payload: If the object (e.g., icon) lacks an id, treat it as a transient cache.
2. Path Isolation: Employ the upload_dir filter conditionally and temporarily to place these transient caches into a dedicated, non-standard directory (e.g., /federation-media/), avoiding the YYYY/MM/ structure of standard user uploads.
3. Database Bypass: For transient objects, avoid media_handle_sideload() entirely. Use download_url() followed by wp_handle_sideload() to save the file to disk without creating a database-persisted attachment ID.
4. Reference and Cleanup: Store the resulting file path/URL in the parent CPT's Post Meta. Attach a custom function to the delete_post hook to retrieve this path and use unlink() to physically remove the file upon CPT deletion, preventing orphaned files.

[Jiwoon-Kim]

Conditional Media Handling Architecture for Federated Environments: Path Differentiation and Non-Attachment Object Management

I. Strategic Background and Semantic Requirements

I.A. Challenges of Federated Media Management in WordPress

WordPress is fundamentally designed to store all media upload files in the path format /wp-content/uploads/YYYY/MM/, during which all files are registered in the database as the attachment post type and assigned a unique database identifier (ID).1 This single and permanent management model is efficient in a traditional content management system (CMS) environment, but conflicts arise with the distributed and semantic media handling methods required by federated protocols (e.g., ActivityPub).

In a federated environment, media objects are categorized into two main types: standard content that can be globally cached or referenced (e.g., user-uploaded primary images), and transient or embedded objects that do not have independent identifiers within an activity (e.g., avatars, emojis). Using WordPress’s default architecture, even transient cached files are unnecessarily assigned attachment IDs, increasing database overhead and complicating deletion and management. Therefore, a federated system requires structural differentiation that clearly separates user-uploaded files (requiring WP Attachment ID) from cached remote media files (requiring only file system caching).

I.B. Understanding ActivityStreams 2.0 (AS2) Object Identity

The Activity Streams 2.0 (AS2) specification defines that all objects (including images) can have a type, a name, and crucially, a globally unique identifier (id, JSON-LD @id).2 The presence of this id serves as the key criterion for determining the independence and permanence of a media object.

ActivityPub, based on AS2, mandates that activities in server-to-server communication must include identifiers, but allows identifiers to be omitted for intentionally transient objects.4 For example, small media objects such as emojis or poll options within a message are identified by their container object (e.g., Note) and are not considered independently verifiable global entities.5

Therefore, in this architecture, the presence of the id attribute functions as the primary marker for permanence of a WordPress media object. Only objects with a complete and resolvable URI as their id are considered major objects requiring permanence. This approach goes beyond technical optimization and implements best practices in Linked Data, preventing the assignment of WordPress-specific IDs to objects lacking independent semantic meaning.

I.C. Semantic Mapping: Independent vs. Transient Objects

Based on the above semantic analysis, a strict structural contract is needed to decide whether a media object should be registered in the WordPress database (permanent storage) or exist solely as a file system cache (transient storage).

If an AS2 object has a canonical id, it is considered permanent and promoted to a WordPress attachment (with unique WP ID). Conversely, objects without an id or inferred to be transient skip database registration and are stored only in the file system as a local cache. This strategy maps persistent AS2 objects to persistent WP attachments and transient AS2 objects to temporary WP file caches, preserving the semantic distinction within the system.

ActivityStreams 2.0 (AS2) Property	Semantic Interpretation	Required WordPress Action	Data Storage Method
Object has an explicit id 4	Independent, globally addressable media object (permanent).	Register in full media library (wp_insert_attachment).	WP Attachment ID (Post Type: attachment).
Object lacks explicit id 4	Embedded resource, transient cache (non-permanent).	Only perform file system storage (bypass wp_insert_attachment).	Custom post meta storing file URL/path.6

II. Implementing Custom File Storage Paths

This section describes implementing requirement 1: storing files in paths differentiated from the standard structure.

II.A. Role of the upload_dir Filter in WP Core

The upload_dir filter is a key mechanism to manipulate the final storage location for files in WordPress core, executed within the wp_upload_dir() function.7 This filter receives an array ($uploads) containing upload directory information, with key paths including path (full directory path), url (full URL), subdir (subdirectory), and basedir/baseurl (base directory/URL).7

The standard WordPress upload path typically uses year/month subfolders under wp-content/uploads/.1 To create a separate directory for federated media (e.g., wp-content/uploads/federation-media/), the upload_dir filter must override this default configuration.

II.B. Contextual Path Logic Development

To generate custom paths, the context at the time of upload (e.g., whether the media is associated with a specific custom post type, CPT) must be checked. Contextual verification is done by examining global request data ($_REQUEST) during the upload to find the post_id, then using that ID to determine the post type.8

This is especially critical for remote file fetching (sideloading) or asynchronous uploads. Checking $_REQUEST['post_id'] and using get_post_type() ensures that the current upload is related to a CPT designed for federated functionality.

II.C. Detailed Code Example: Conditional Path Implementation

The core of custom path implementation is preventing filter pollution and activating it only when needed. Once active, the filter affects all subsequent file handling, so its scope must be restricted to specific CPT uploads.

The most robust approach is to use a pre-filter such as wp_handle_upload_prefilter to temporarily register the upload_dir filter only when a federated media upload is detected.8 After the file move operation completes, remove_filter must be called immediately to deactivate it. This should be done within a custom function wrapping the upload routine; otherwise, the filter may persist globally and incorrectly apply to unrelated uploads.8

Technically, changing the path involves manipulating the subdir element of the $uploads array. Before assigning a new directory (e.g., /federation-media), the default year/month subdir (e.g., 2024/07) must be removed from $args["path"] and $args["url"]. Omitting this may result in duplicate paths like uploads/2024/07/federation-media.9

// Context-specific upload directory setup  
function custom_federated_media_dir( $param ) {  
    // 1. Check if the current context matches the Federated CPT  
    $id = isset( $_REQUEST['post_id'] )? (int) $_REQUEST['post_id'] : 0;  
      
    // Assuming 'federated_activity' is the CPT type  
    if ( $id && 'federated_activity' == get_post_type( $id ) ) {  
        $custom_dir = '/federation-media';  
          
        // 2. Remove default subdir (e.g., /2024/07)  
        $param['path'] = str_replace( $param['subdir'], '', $param['path'] );  
        $param['url']  = str_replace( $param['subdir'], '', $param['url'] );  
          
        // 3. Assign new custom subdir  
        $param['subdir'] = $custom_dir;  
        $param['path'] .= $custom_dir;  
        $param['url']  .= $custom_dir;  
    }  
    return $param;  
}

// Function to activate and execute custom upload routine (and immediately remove filter)  
function execute_conditional_upload( $file_details, $post_id ) {  
    add_filter( 'upload_dir', 'custom_federated_media_dir' );  
      
    //... File handling logic (see Section III.B)...  
      
    remove_filter( 'upload_dir', 'custom_federated_media_dir' );  
    // Return paths/URLs to be stored in post meta  
}

II.D. Ensuring Path Compatibility and URL Verification

Once implemented, the custom path must remain a subdirectory under the WP uploads folder (e.g., wp-content/uploads/federation-media/) to maintain permissions and security requirements.

However, files stored this way are not standard media library items, so functions like wp_get_attachment_url() cannot retrieve their URLs. Therefore, when displaying images (e.g., CSS backgrounds or <img/> tags), the full URL derived from the custom upload path must be used directly.10 Section III highlights the importance of explicitly storing file paths/URLs in post meta.

III. Conditional Media Handling Pipeline: Bypassing Attachment Creation

This section addresses requirement 2: preventing attachment ID creation for transient objects.

III.A. Limitations of Standard WP Upload Flow

High-level WP upload functions such as media_handle_upload() for local files or media_handle_sideload() for remote files are wrapper functions automating file moves and database registration.11

Notably, media_handle_sideload() downloads a file from a remote URL, stores it in the file system, then necessarily calls wp_insert_attachment() to register it in the database and generates metadata via wp_generate_attachment_metadata().11 It returns the newly created attachment ID on success.11

Relying on these high-level functions conflicts with the core requirement to bypass database registration. Therefore, low-level file handling APIs must be used directly to perform only file system operations.

III.B. Database Bypass Strategy: Low-Level File Operations

To implement a database-bypassing flow, access to WordPress core file handling functions is required. When executed outside admin context, the necessary core files must be manually included.13

require_once( ABSPATH . 'wp-admin/includes/file.php' );  
require_once( ABSPATH . 'wp-admin/includes/media.php' );  
// require_once( ABSPATH . 'wp-admin/includes/image.php' ); // Optional for metadata generation

Step 1: Fetch Remote File (download_url())

ActivityPub payloads include external media URLs. To store these on the server, download_url() is used to safely retrieve the remote resource to a temporary server location.13 This function returns the temporary file path.

Step 2: Move File to Custom Path (Bypass Point)

Once the temporary file is ready, wp_handle_sideload() moves it to the final custom upload path.15 This function handles filename sanitization, MIME type checking, and moves the file according to the currently active upload_dir filter.16

The key structural difference is that wp_handle_sideload() (and similar wp_handle_upload()) perform only file system operations and return an array with the final path and URL. Unlike media_handle_sideload(), they do not call wp_insert_attachment(), making them ideal for transient object caching.

Function	Key Action	Attachment ID Creation	Recommended Use in Federated Environment
media_handle_upload()	Handles local file and inserts DB entry.	Always creates.	Images defined as independent media objects by user/system.
media_handle_sideload()	Downloads remote URL and inserts DB entry.	Always creates.	Remote images requiring permanent, addressable WP media library ID.
wp_handle_upload()	Sanitizes file and moves to target directory.	No, file system only.	Base for custom uploads without WP attachment registration.
wp_handle_sideload() 15	Downloads remote URL and moves to target directory.	No, file system only.	Core function to cache transient ActivityPub objects without DB overhead.

Step 3: Store File References and Use Post Meta

Since no attachment ID is created, links must be established for later reference to the file system-stored media. The final file path and URL returned by wp_handle_sideload() ($file['url'], $file['file']) must be explicitly stored in the meta of the parent CPT post (e.g., federated activity post) using update_post_meta().6 This ensures essential linkage between the CPT post and cached file.

III.C. Integrated Conditional Logic Flow

The media handling pipeline must decide whether to bypass the database immediately after parsing the AS2 payload and determining the object’s identity status (ID present or absent).

1. Receive and parse remote media object (URL, metadata).
2. Identity Check: Does the object contain a standard AS2 id?
3. ID Present (Permanent): Use media_handle_sideload() to register as a full WordPress attachment and assign WP ID.
4. ID Missing (Transient): Execute the custom bypass strategy described in Section II.C, calling download_url() and wp_handle_sideload(), then storing the returned path/URL in post meta.

This ensures the system meets AS2 semantic requirements while efficiently managing database resources.

IV. Operational Integrity: Deletion and Garbage Collection

This section addresses lifecycle management of files not registered in the media library, i.e., cleaning transient objects in the file system.

IV.A. Orphaned Files Problem

Using custom upload paths and bypassing database registration can create “orphaned files.” When the parent CPT post is deleted, the database entry is removed, but the physical file remains on the server, wasting storage.9

This occurs because the file is linked via post meta, not as a standard attachment, so standard media deletion hooks (wp_delete_attachment()) do not execute.9

IV.B. Using Deletion Lifecycle Hooks

To resolve this, deletion of cached transient files must be triggered when the parent post is deleted.

WordPress provides the delete_post action, which runs immediately before a post (including CPT posts) is deleted from the database.18 This hook is ideal for initiating transient media cleanup. While the standard delete_attachment hook is irrelevant here,19 understanding this context confirms the need for a custom solution.

IV.C. Custom File Deletion Handler: PHP Implementation

The deletion handler consists of three steps:

Step 1: Hooking and Context Verification

Attach a custom function to the delete_post hook and internally verify that it runs only when relevant CPT posts (e.g., Activities) are deleted.

Step 2: Path Retrieval

Within the hook function, use get_post_meta() with the ID of the deleting post to retrieve previously stored custom file paths (or arrays of paths) from Section III.B.6

Step 3: File System Removal

Use the retrieved full paths to call PHP’s unlink() function, physically deleting files from the server.20 unlink() returns true on success. Error handling is essential for file permissions or non-existence. unlink() works only on files; directories require rmdir().21

Object Type	Related WP Post Type	WP Deletion Hook	File Removal Responsibility
Independent

Media (Permanent) | attachment | delete_attachment 19 | WP core (standard cleanup including file variants). |
| Transient Media (Non-Permanent) | Custom Post Type (Parent Post) | delete_post 18 | Custom handler (retrieve paths from meta, use unlink() 20). |

IV.D. Advanced Considerations: Metadata and Performance Caching

1. Handling Media Variants

WordPress generally generates multiple image sizes (e.g., thumbnails). If similar variants are generated for cached transient files in a federated environment, the custom deletion handler must search and unlink all related files (e.g., via filename patterns or serialized metadata entries).

2. Interaction with Federated Caching

Separately, when implementing a federated protocol, server-level caching strategies must be considered. ActivityPub requires returning different content for browser requests (HTML) vs. federated server requests (JSON) based on Accept headers.22 If traditional page caches like Varnish or WP caching plugins (e.g., Breeze, W3 Total Cache) are used, cache keys must be separated by Accept headers to avoid delivering incorrect content.23 Therefore, the custom media handling system must manage its own file system cache while ensuring proper cache partitioning for parent CPT content.

V. Conclusion and Best Practice Summary

V.A. Comprehensive Understanding of Structural Integration

Expert-level architecture for federated media management requires reconfiguring WordPress core helper functions and strictly following AS2 semantic identity definitions.

Path Differentiation: Use the upload_dir filter to move file storage from the standard year/month structure to a custom directory. This filter must be strictly isolated to specific CPT contexts via pre-filters like wp_handle_upload_prefilter and removed immediately after operation.

Conditional Persistence: Storage strategy is bifurcated based on the presence of an AS2 id. Transient objects without an ID bypass high-level wrappers like media_handle_sideload(), using low-level functions (download_url() and wp_handle_sideload()) to store only in the file system. File URLs and paths are saved in post meta to reduce database overhead.

Lifecycle Management: For temporary files not registered in the database, standard deletion mechanisms do not apply. A custom garbage collection routine must be triggered at the parent CPT deletion (delete_post hook), retrieving stored metadata and physically deleting files using unlink() to prevent orphaned files.

V.B. Design and Operational Best Practices

1. Input Validation and Security: All file paths and URLs derived from received payloads must be thoroughly sanitized before file system or database use. This prevents directory traversal attacks and errors from malformed filenames.
2. Documentation: Custom file paths, related CPTs, and specific post meta keys used for referencing files must be clearly documented for maintenance, debugging, or manual cleanup.
3. Performance Considerations: In high-traffic ActivityPub systems, ensure server-level caching systems like Nginx respect Accept headers for custom media caching to mitigate performance issues.22
4. Filter Management: Temporary activation and deactivation (add/remove filter) of upload_dir is crucial to operational stability. Filter contamination can cause global path issues.

Only this layered and disciplined approach can safely and efficiently satisfy the complex semantic and technical requirements of federated protocols in a WordPress environment.