Support for WP REST Cache

[obenland]

See https://wordpress.org/support/topic/caching-activity-pub-endpoints/
See https://epiph.yt/en/blog/2025/accidental-ddos-through-activitypub-plugin/

Proposed changes:

• Adds integration with Rest Cache plugin.
• Adds Activitypub endpoints to allowlist and manages cache invalidation.

Other information:

• Have you written new tests for your changes, if applicable?

Testing instructions:

• Install the WP Rest Cache plugin and set it up.
• Send requests to various Activitypub REST API endpoints and make sure they get cached.
• Create a user update, something that doesn't create a new post, and make sure it flushes the cache.
• Send requests to various Activitypub REST API endpoints and make sure they get cached.
• Comment on a post and make sure it flushes the cache.

Changelog entry

• Automatically create a changelog entry from the details below.

Changelog Entry Details

Significance

• Patch
• Minor
• Major

Type

• Added - for new features
• Changed - for changes in existing functionality
• Deprecated - for soon-to-be removed features
• Removed - for now removed features
• Fixed - for any bug fixes
• Security - in case of vulnerabilities

Message

Added support for the WP Rest Cache plugin to help with caching REST API responses.

/cc @MatzeKitt

[obenland]

Proper cache invalidation will be the biggest challenge. New posts, new comments, user meta updates, blog user option updates, etc.

It would also be nice if we could avoid blanket-invalidating all cached ActivityPub endpoints for all of these, and be more targeted.

[MatzeKitt]

So we need to keep track of any change regarding any of the endpoints? Also, do we need to check whether the change does actually change the API endpoint response or should we always invalidate the cache when it might change the response?

I guess we currently have no decorated list of changes we need to look for?

[obenland]

Also, do we need to check whether the change does actually change the API endpoint response or should we always invalidate the cache when it might change the response?

Looking a bit more at the plugin, I think we'll have to be pretty broad about invalidating caches. Most of the endpoints are user/actor-based, and WP REST Cache doesn't have a concept for that. It's post type and post_id, and that seems to be pretty much it.

I think your approach of defining a custom type and invalidating all associated endpoints is probably the safest.

[obenland]

Need to do a bit more testing before this is ready for review.

[Copilot]

Pull Request Overview

Adds integration with the WP Rest Cache plugin to allowlist ActivityPub endpoints and invalidate caches when posts or comments change.

• Checks for the WP Rest Cache plugin in integration/load.php and initializes the integration.
• Introduces Activitypub\Integration\WP_Rest_Cache to register allowed endpoints, set cache metadata, and flush caches on status transitions.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
integration/load.php	Plugin existence check and call to initialize the WP Rest Cache hook
integration/class-wp-rest-cache.php	New class registering filters/actions for caching ActivityPub routes

Comments suppressed due to low confidence (2)

integration/class-wp-rest-cache.php:1

• No unit or integration tests were added for this caching integration. Consider adding tests to verify allowed endpoints, object type settings, single-item logic, and cache invalidation on status transitions.

<?php

integration/load.php:126

• The call to WP_Rest_Cache::init() will fail without importing or fully qualifying the Activitypub\Integration\WP_Rest_Cache class. Add use Activitypub\Integration\WP_Rest_Cache; at the top or call \Activitypub\Integration\WP_Rest_Cache::init().

	if ( class_exists( 'WP_Rest_Cache_Plugin\Includes\Plugin' ) ) {