diff --git a/.github/changelog/2311-from-description b/.github/changelog/2311-from-description
new file mode 100644
index 000000000..d71311093
--- /dev/null
+++ b/.github/changelog/2311-from-description
@@ -0,0 +1,4 @@
+Significance: minor
+Type: added
+
+Added a new ap_object post type and taxonomies for storing and managing incoming ActivityPub objects, with updated handlers
diff --git a/includes/class-post-types.php b/includes/class-post-types.php
index b9994ec12..f13efd55c 100644
--- a/includes/class-post-types.php
+++ b/includes/class-post-types.php
@@ -12,6 +12,7 @@
 use Activitypub\Collection\Followers;
 use Activitypub\Collection\Inbox;
 use Activitypub\Collection\Outbox;
+use Activitypub\Collection\Posts;
 use Activitypub\Collection\Remote_Actors;
 
 /**
@@ -25,6 +26,7 @@ public static function init() {
 		\add_action( 'init', array( self::class, 'register_remote_actors_post_type' ), 11 );
 		\add_action( 'init', array( self::class, 'register_inbox_post_type' ), 11 );
 		\add_action( 'init', array( self::class, 'register_outbox_post_type' ), 11 );
+		\add_action( 'init', array( self::class, 'register_post_post_type' ), 11 );
 		\add_action( 'init', array( self::class, 'register_extra_fields_post_types' ), 11 );
 		\add_action( 'init', array( self::class, 'register_activitypub_post_meta' ), 11 );
 
@@ -345,6 +347,65 @@ public static function register_outbox_post_type() {
 		);
 	}
 
+	/**
+	 * Register the Object post type.
+	 */
+	public static function register_post_post_type() {
+		\register_post_type(
+			Posts::POST_TYPE,
+			array(
+				'labels'              => array(
+					'name'          => \_x( 'Posts', 'post_type plural name', 'activitypub' ),
+					'singular_name' => \_x( 'Post', 'post_type single name', 'activitypub' ),
+				),
+				'capabilities'        => array(
+					'create_posts' => false,
+				),
+				'map_meta_cap'        => true,
+				'public'              => false,
+				'show_in_rest'        => true,
+				'rewrite'             => false,
+				'query_var'           => false,
+				'supports'            => array( 'title', 'editor', 'author', 'custom-fields', 'excerpt', 'comments' ),
+				'delete_with_user'    => true,
+				'can_export'          => true,
+				'exclude_from_search' => true,
+				'taxonomies'          => array( 'ap_tag', 'ap_object_type' ),
+			)
+		);
+
+		\register_taxonomy(
+			'ap_tag',
+			array( Posts::POST_TYPE ),
+			array(
+				'public'       => false,
+				'query_var'    => true,
+				'show_in_rest' => true,
+			)
+		);
+
+		\register_taxonomy(
+			'ap_object_type',
+			array( Posts::POST_TYPE ),
+			array(
+				'public'       => false,
+				'query_var'    => true,
+				'show_in_rest' => true,
+			)
+		);
+
+		\register_post_meta(
+			Posts::POST_TYPE,
+			'_activitypub_remote_actor_id',
+			array(
+				'type'              => 'integer',
+				'single'            => true,
+				'description'       => 'The local ID of the remote actor that created the object.',
+				'sanitize_callback' => 'absint',
+			)
+		);
+	}
+
 	/**
 	 * Register the Extra Fields post types.
 	 */
diff --git a/includes/class-sanitize.php b/includes/class-sanitize.php
index 1f006b66e..5c6569e44 100644
--- a/includes/class-sanitize.php
+++ b/includes/class-sanitize.php
@@ -182,4 +182,19 @@ public static function webfinger( $value ) {
 
 		return $value;
 	}
+
+	/**
+	 * Sanitize content for ActivityPub.
+	 *
+	 * @param string $content The content to convert.
+	 *
+	 * @return string The converted content.
+	 */
+	public static function content( $content ) {
+		$content = \make_clickable( $content );
+		$content = \wpautop( $content );
+		$content = \wp_kses_post( $content );
+
+		return $content;
+	}
 }
diff --git a/includes/collection/class-inbox.php b/includes/collection/class-inbox.php
index fadf9a53d..4242f4ee2 100644
--- a/includes/collection/class-inbox.php
+++ b/includes/collection/class-inbox.php
@@ -20,6 +20,11 @@
  * @link https://www.w3.org/TR/activitypub/#inbox
  */
 class Inbox {
+	/**
+	 * The post type for the objects.
+	 *
+	 * @var string
+	 */
 	const POST_TYPE = 'ap_inbox';
 
 	/**
diff --git a/includes/collection/class-outbox.php b/includes/collection/class-outbox.php
index 9e3011891..83fa00b4f 100644
--- a/includes/collection/class-outbox.php
+++ b/includes/collection/class-outbox.php
@@ -20,6 +20,11 @@
  * @link https://www.w3.org/TR/activitypub/#outbox
  */
 class Outbox {
+	/**
+	 * The post type for the objects.
+	 *
+	 * @var string
+	 */
 	const POST_TYPE = 'ap_outbox';
 
 	/**
diff --git a/includes/collection/class-posts.php b/includes/collection/class-posts.php
new file mode 100644
index 000000000..1e2a63076
--- /dev/null
+++ b/includes/collection/class-posts.php
@@ -0,0 +1,167 @@
+<?php
+/**
+ * Posts collection file.
+ *
+ * @package Activitypub
+ */
+
+namespace Activitypub\Collection;
+
+use Activitypub\Sanitize;
+
+use function Activitypub\object_to_uri;
+
+/**
+ * Posts collection.
+ *
+ * Provides methods to retrieve, create, update, and manage ActivityPub posts (articles, notes, media, etc.).
+ */
+class Posts {
+	/**
+	 * The post type for the posts.
+	 *
+	 * @var string
+	 */
+	const POST_TYPE = 'ap_post';
+
+	/**
+	 * Add an object to the collection.
+	 *
+	 * @param array $activity The activity object data.
+	 *
+	 * @return \WP_Post|\WP_Error The object post or WP_Error on failure.
+	 */
+	public static function add( $activity ) {
+		$activity_object = $activity['object'];
+		$actor           = Remote_Actors::fetch_by_uri( object_to_uri( $activity_object['attributedTo'] ) );
+
+		if ( \is_wp_error( $actor ) ) {
+			return $actor;
+		}
+
+		$post_array = self::activity_to_post( $activity_object );
+		$post_id    = \wp_insert_post( $post_array, true );
+
+		if ( \is_wp_error( $post_id ) ) {
+			return $post_id;
+		}
+
+		\add_post_meta( $post_id, '_activitypub_remote_actor_id', $actor->ID );
+
+		self::add_taxonomies( $post_id, $activity_object );
+
+		return \get_post( $post_id );
+	}
+
+	/**
+	 * Get an object from the collection.
+	 *
+	 * @param int $id The object ID.
+	 *
+	 * @return \WP_Post|null The post object or null on failure.
+	 */
+	public static function get( $id ) {
+		return \get_post( $id );
+	}
+
+	/**
+	 * Get an object by its GUID.
+	 *
+	 * @param string $guid The object GUID.
+	 *
+	 * @return \WP_Post|\WP_Error The object post or WP_Error on failure.
+	 */
+	public static function get_by_guid( $guid ) {
+		global $wpdb;
+		// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
+		$post_id = $wpdb->get_var(
+			$wpdb->prepare(
+				"SELECT ID FROM $wpdb->posts WHERE guid=%s AND post_type=%s",
+				\esc_url( $guid ),
+				self::POST_TYPE
+			)
+		);
+
+		if ( ! $post_id ) {
+			return new \WP_Error(
+				'activitypub_object_not_found',
+				\__( 'Object not found', 'activitypub' ),
+				array( 'status' => 404 )
+			);
+		}
+
+		return \get_post( $post_id );
+	}
+
+	/**
+	 * Update an object in the collection.
+	 *
+	 * @param array $activity The activity object data.
+	 *
+	 * @return \WP_Post|\WP_Error The updated object post or WP_Error on failure.
+	 */
+	public static function update( $activity ) {
+		$post = self::get_by_guid( $activity['object']['id'] );
+		if ( \is_wp_error( $post ) ) {
+			return $post;
+		}
+
+		$post_array       = self::activity_to_post( $activity['object'] );
+		$post_array['ID'] = $post->ID;
+		$post_id          = \wp_update_post( $post_array, true );
+
+		if ( \is_wp_error( $post_id ) ) {
+			return $post_id;
+		}
+
+		self::add_taxonomies( $post_id, $activity['object'] );
+
+		return \get_post( $post_id );
+	}
+
+	/**
+	 * Convert an activity to a post array.
+	 *
+	 * @param array $activity The activity array.
+	 *
+	 * @return array|\WP_Error The post array or WP_Error on failure.
+	 */
+	private static function activity_to_post( $activity ) {
+		if ( ! is_array( $activity ) ) {
+			return new \WP_Error( 'invalid_activity', __( 'Invalid activity format', 'activitypub' ) );
+		}
+
+		return array(
+			'post_title'   => isset( $activity['name'] ) ? \wp_strip_all_tags( $activity['name'] ) : '',
+			'post_content' => isset( $activity['content'] ) ? Sanitize::content( $activity['content'] ) : '',
+			'post_excerpt' => isset( $activity['summary'] ) ? \wp_strip_all_tags( $activity['summary'] ) : '',
+			'post_status'  => 'publish',
+			'post_type'    => self::POST_TYPE,
+			'guid'         => isset( $activity['id'] ) ? \esc_url_raw( $activity['id'] ) : '',
+		);
+	}
+
+	/**
+	 * Add taxonomies to the object post.
+	 *
+	 * @param int   $post_id         The post ID.
+	 * @param array $activity_object The activity object data.
+	 */
+	private static function add_taxonomies( $post_id, $activity_object ) {
+		// Save Object Type as Taxonomy item.
+		\wp_set_post_terms( $post_id, array( $activity_object['type'] ), 'ap_object_type' );
+
+		$tags = array();
+
+		// Save the Hashtags as Taxonomy items.
+		if ( ! empty( $activity_object['tag'] ) && \is_array( $activity_object['tag'] ) ) {
+			foreach ( $activity_object['tag'] as $tag ) {
+				if ( isset( $tag['type'] ) && 'Hashtag' === $tag['type'] && isset( $tag['name'] ) ) {
+					$tags[] = \wp_strip_all_tags( ltrim( $tag['name'], '#' ) );
+				}
+			}
+		}
+
+		\wp_set_post_terms( $post_id, $tags, 'ap_tag' );
+	}
+}
diff --git a/includes/debug.php b/includes/debug.php
index e629ccd65..abf2a8377 100644
--- a/includes/debug.php
+++ b/includes/debug.php
@@ -9,6 +9,7 @@
 
 use Activitypub\Collection\Inbox;
 use Activitypub\Collection\Outbox;
+use Activitypub\Collection\Posts;
 
 /**
  * Allow localhost URLs if WP_DEBUG is true.
@@ -32,8 +33,8 @@ function allow_localhost( $parsed_args ) {
  *
  * @return array The arguments for the post type.
  */
-function debug_outbox_post_type( $args, $post_type ) {
-	if ( ! \in_array( $post_type, array( Outbox::POST_TYPE, Inbox::POST_TYPE ), true ) ) {
+function debug_post_type( $args, $post_type ) {
+	if ( ! \in_array( $post_type, array( Outbox::POST_TYPE, Inbox::POST_TYPE, Posts::POST_TYPE ), true ) ) {
 		return $args;
 	}
 
@@ -43,11 +44,33 @@ function debug_outbox_post_type( $args, $post_type ) {
 		$args['menu_icon'] = 'dashicons-upload';
 	} elseif ( Inbox::POST_TYPE === $post_type ) {
 		$args['menu_icon'] = 'dashicons-download';
+	} elseif ( Posts::POST_TYPE === $post_type ) {
+		$args['menu_icon'] = 'dashicons-media-document';
+	}
+
+	return $args;
+}
+\add_filter( 'register_post_type_args', '\Activitypub\debug_post_type', 10, 2 );
+
+/**
+ * Debug the object type taxonomy.
+ *
+ * @param array  $args     The arguments for the taxonomy.
+ * @param string $taxonomy The taxonomy.
+ *
+ * @return array The arguments for the taxonomy.
+ */
+function debug_taxonomy( $args, $taxonomy ) {
+	if ( ! in_array( $taxonomy, array( 'ap_object_type', 'ap_tag' ), true ) ) {
+		return $args;
 	}
 
+	$args['show_ui']      = true;
+	$args['show_in_menu'] = true;
+
 	return $args;
 }
-\add_filter( 'register_post_type_args', '\Activitypub\debug_outbox_post_type', 10, 2 );
+\add_filter( 'register_taxonomy_args', '\Activitypub\debug_taxonomy', 10, 2 );
 
 /**
  * Debug the outbox post type column.
diff --git a/includes/handler/class-create.php b/includes/handler/class-create.php
index 579562201..b74a4d378 100644
--- a/includes/handler/class-create.php
+++ b/includes/handler/class-create.php
@@ -8,6 +8,7 @@
 namespace Activitypub\Handler;
 
 use Activitypub\Collection\Interactions;
+use Activitypub\Collection\Posts;
 
 use function Activitypub\get_activity_visibility;
 use function Activitypub\is_activity_reply;
@@ -34,14 +35,42 @@ public static function init() {
 	 * @param \Activitypub\Activity\Activity $activity_object Optional. The activity object. Default null.
 	 */
 	public static function handle_create( $activity, $user_id, $activity_object = null ) {
-		// Check if Activity is public or not.
-		if (
-			ACTIVITYPUB_CONTENT_VISIBILITY_PRIVATE === get_activity_visibility( $activity ) ||
-			! is_activity_reply( $activity )
-		) {
+		// Check for private and/or direct messages.
+		if ( ACTIVITYPUB_CONTENT_VISIBILITY_PRIVATE === get_activity_visibility( $activity ) ) {
+			$result = false;
+		} elseif ( is_activity_reply( $activity ) ) { // Check for replies.
+			$result = self::create_interaction( $activity, $user_id, $activity_object );
+		} else { // Handle non-interaction objects.
+			$result = self::create_post( $activity, $user_id, $activity_object );
+		}
+
+		if ( false === $result ) {
 			return;
 		}
 
+		$success = ! \is_wp_error( $result );
+
+		/**
+		 * Fires after an ActivityPub Create activity has been handled.
+		 *
+		 * @param array                          $activity The ActivityPub activity data.
+		 * @param int                            $user_id  The local user ID.
+		 * @param bool                           $success  True on success, false otherwise.
+		 * @param \WP_Comment|\WP_Post|\WP_Error $result   The WP_Comment object of the created comment, or null if creation failed.
+		 */
+		\do_action( 'activitypub_handled_create', $activity, $user_id, $success, $result );
+	}
+
+	/**
+	 * Handle interactions like replies.
+	 *
+	 * @param array                          $activity        The activity-object.
+	 * @param int                            $user_id         The id of the local blog-user.
+	 * @param \Activitypub\Activity\Activity $activity_object Optional. The activity object. Default null.
+	 *
+	 * @return \WP_Comment|\WP_Error|false The created comment, WP_Error on failure, false if not processed.
+	 */
+	public static function create_interaction( $activity, $user_id, $activity_object = null ) {
 		$check_dupe = object_id_to_comment( $activity['object']['id'] );
 
 		// If comment exists, call update action.
@@ -54,30 +83,48 @@ public static function handle_create( $activity, $user_id, $activity_object = nu
 			 * @param \Activitypub\Activity\Activity $activity_object The activity object.
 			 */
 			\do_action( 'activitypub_inbox_update', $activity, $user_id, $activity_object );
-			return;
+			return false;
 		}
 
 		if ( is_self_ping( $activity['object']['id'] ) ) {
-			return;
+			return false;
 		}
 
-		$success = false;
-		$result  = Interactions::add_comment( $activity );
+		$result = Interactions::add_comment( $activity );
 
-		if ( $result && ! \is_wp_error( $result ) ) {
-			$success = true;
-			$result  = \get_comment( $result );
+		if ( ! $result || \is_wp_error( $result ) ) {
+			return $result;
 		}
 
-		/**
-		 * Fires after an ActivityPub Create activity has been handled.
-		 *
-		 * @param array                            $activity The ActivityPub activity data.
-		 * @param int                              $user_id  The local user ID.
-		 * @param bool                             $success  True on success, false otherwise.
-		 * @param array|string|int|\WP_Error|false $result   The WP_Comment object of the created comment, or null if creation failed.
-		 */
-		\do_action( 'activitypub_handled_create', $activity, $user_id, $success, $result );
+		return \get_comment( $result );
+	}
+
+	/**
+	 * Handle non-interaction posts like posts.
+	 *
+	 * @param array                          $activity        The activity-object.
+	 * @param int                            $user_id         The id of the local blog-user.
+	 * @param \Activitypub\Activity\Activity $activity_object Optional. The activity object. Default null.
+	 *
+	 * @return \WP_Post|\WP_Error|false The post on success or WP_Error on failure.
+	 */
+	public static function create_post( $activity, $user_id, $activity_object = null ) {
+		$check_dupe = Posts::get_by_guid( $activity['object']['id'] );
+
+		// If comment exists, call update action.
+		if ( ! \is_wp_error( $check_dupe ) ) {
+			/**
+			 * Fires when a Create activity is received for an existing object.
+			 *
+			 * @param array                          $activity        The activity-object.
+			 * @param int                            $user_id         The id of the local blog-user.
+			 * @param \Activitypub\Activity\Activity $activity_object The activity object.
+			 */
+			\do_action( 'activitypub_inbox_update', $activity, $user_id, $activity_object );
+			return false;
+		}
+
+		return Posts::add( $activity );
 	}
 
 	/**
diff --git a/includes/handler/class-update.php b/includes/handler/class-update.php
index 7ff72ac2a..b7c355506 100644
--- a/includes/handler/class-update.php
+++ b/includes/handler/class-update.php
@@ -8,9 +8,11 @@
 namespace Activitypub\Handler;
 
 use Activitypub\Collection\Interactions;
+use Activitypub\Collection\Posts;
 use Activitypub\Collection\Remote_Actors;
 
 use function Activitypub\get_remote_metadata_by_actor;
+use function Activitypub\is_activity_reply;
 
 /**
  * Handle Update requests.
@@ -58,7 +60,7 @@ public static function handle_update( $activity, $user_id ) {
 			case 'Video':
 			case 'Event':
 			case 'Document':
-				self::update_interaction( $activity, $user_id );
+				self::update_object( $activity, $user_id );
 				break;
 
 			/*
@@ -72,29 +74,34 @@ public static function handle_update( $activity, $user_id ) {
 	}
 
 	/**
-	 * Update an Interaction.
+	 * Update an Object.
 	 *
 	 * @param array $activity The Activity object.
 	 * @param int   $user_id  The user ID. Always null for Update activities.
 	 */
-	public static function update_interaction( $activity, $user_id ) {
-		$comment_data = Interactions::update_comment( $activity );
-		$success      = false;
+	public static function update_object( $activity, $user_id ) {
+		$result = new \WP_Error( 'activitypub_update_failed', 'Update failed' );
 
-		if ( ! empty( $comment_data['comment_ID'] ) ) {
-			$success = true;
-			$result  = \get_comment( $comment_data['comment_ID'] );
+		// Check for private and/or direct messages.
+		if ( is_activity_reply( $activity ) ) {
+			$comment_data = Interactions::update_comment( $activity );
+
+			if ( ! empty( $comment_data['comment_ID'] ) ) {
+				$result = \get_comment( $comment_data['comment_ID'] );
+			}
 		} else {
-			$result = $comment_data;
+			$result = Posts::update( $activity );
 		}
 
+		$success = ( $result && ! \is_wp_error( $result ) );
+
 		/**
 		 * Fires after an ActivityPub Update activity has been handled.
 		 *
-		 * @param array                            $activity The ActivityPub activity data.
-		 * @param int                              $user_id  The local user ID.
-		 * @param bool                             $success  True on success, false otherwise.
-		 * @param array|string|int|\WP_Error|false $result   The updated comment, or null if update failed.
+		 * @param array                          $activity The ActivityPub activity data.
+		 * @param int                            $user_id  The local user ID.
+		 * @param bool                           $success  True on success, false otherwise.
+		 * @param \WP_Comment|\WP_Post|\WP_Error $result   The updated post, comment, or error.
 		 */
 		\do_action( 'activitypub_handled_update', $activity, $user_id, $success, $result );
 	}
@@ -110,11 +117,11 @@ public static function update_actor( $activity, $user_id ) {
 		$actor = get_remote_metadata_by_actor( $activity['actor'], false );
 
 		if ( ! $actor || \is_wp_error( $actor ) || ! isset( $actor['id'] ) ) {
-			return;
+			$state = new \WP_Error( 'activitypub_update_failed', 'Update failed: could not fetch actor data' );
+		} else {
+			$state = Remote_Actors::upsert( $actor );
 		}
 
-		$state = Remote_Actors::upsert( $actor );
-
 		/**
 		 * Fires after an ActivityPub Update activity has been handled.
 		 *
diff --git a/tests/phpunit/tests/includes/class-test-sanitize.php b/tests/phpunit/tests/includes/class-test-sanitize.php
index f8c9860ae..aff8cff19 100644
--- a/tests/phpunit/tests/includes/class-test-sanitize.php
+++ b/tests/phpunit/tests/includes/class-test-sanitize.php
@@ -182,4 +182,76 @@ public function test_blog_identifier_with_existing_user() {
 
 		\wp_delete_user( $user_id );
 	}
+
+	/**
+	 * Test content sanitization without blocks support.
+	 *
+	 * @covers ::content
+	 */
+	public function test_content_without_blocks() {
+		// Mock site_supports_blocks to return false.
+		add_filter( 'activitypub_site_supports_blocks', '__return_false' );
+
+		$content = '<h1>Test Heading</h1><p>Test paragraph</p>';
+		$result  = Sanitize::content( $content );
+
+		// Should not convert to blocks when blocks are not supported.
+		$this->assertStringNotContainsString( '<!-- wp:', $result );
+		$this->assertStringContainsString( '<h1>Test Heading</h1>', $result );
+		$this->assertStringContainsString( '<p>Test paragraph</p>', $result );
+
+		remove_filter( 'activitypub_site_supports_blocks', '__return_false' );
+	}
+
+	/**
+	 * Test content sanitization with malicious content.
+	 *
+	 * @covers ::content
+	 */
+	public function test_content_security() {
+		$malicious_content = '<p>Safe content</p><script>alert("XSS")</script><iframe src="evil.com"></iframe>';
+		$result            = Sanitize::content( $malicious_content );
+
+		$this->assertStringContainsString( 'Safe content', $result );
+		$this->assertStringNotContainsString( 'script', $result );
+		$this->assertStringNotContainsString( 'iframe', $result );
+		$this->assertStringNotContainsString( 'evil.com', $result );
+	}
+
+	/**
+	 * Test content sanitization with URLs.
+	 *
+	 * @covers ::content
+	 */
+	public function test_content_urls() {
+		$content = 'Visit https://example.com for more info';
+		$result  = Sanitize::content( $content );
+
+		// Should make URLs clickable.
+		$this->assertStringContainsString( '<a href="https://example.com"', $result );
+	}
+
+	/**
+	 * Test content sanitization with empty content.
+	 *
+	 * @covers ::content
+	 */
+	public function test_content_empty() {
+		$this->assertEquals( '', Sanitize::content( '' ) );
+		// Whitespace-only content gets processed and becomes empty.
+		$this->assertEquals( '', Sanitize::content( '   ' ) );
+	}
+
+	/**
+	 * Test content sanitization preserves safe HTML.
+	 *
+	 * @covers ::content
+	 */
+	public function test_content_preserves_safe_html() {
+		$content = '<p><strong>Bold</strong> and <em>italic</em> text</p>';
+		$result  = Sanitize::content( $content );
+
+		$this->assertStringContainsString( '<strong>Bold</strong>', $result );
+		$this->assertStringContainsString( '<em>italic</em>', $result );
+	}
 }
diff --git a/tests/phpunit/tests/includes/collection/class-test-posts.php b/tests/phpunit/tests/includes/collection/class-test-posts.php
new file mode 100644
index 000000000..459389d45
--- /dev/null
+++ b/tests/phpunit/tests/includes/collection/class-test-posts.php
@@ -0,0 +1,272 @@
+<?php
+/**
+ * Test Posts Collection.
+ *
+ * @package Activitypub
+ */
+
+namespace Activitypub\Tests\Collection;
+
+use Activitypub\Collection\Posts;
+use Activitypub\Collection\Remote_Actors;
+use Activitypub\Post_Types;
+
+/**
+ * Posts Collection Test Class.
+ *
+ * @coversDefaultClass \Activitypub\Collection\Posts
+ */
+class Test_Posts extends \WP_UnitTestCase {
+
+	/**
+	 * Set up test environment.
+	 */
+	public function set_up() {
+		parent::set_up();
+
+		// Register required post types.
+		Post_Types::register_remote_actors_post_type();
+		Post_Types::register_post_post_type();
+
+		// Mock HTTP requests for Remote_Actors::fetch_by_uri.
+		add_filter( 'pre_http_request', array( $this, 'mock_http_request' ), 10, 3 );
+	}
+
+	/**
+	 * Tear down test environment.
+	 */
+	public function tear_down() {
+		remove_filter( 'pre_http_request', array( $this, 'mock_http_request' ) );
+		parent::tear_down();
+	}
+
+	/**
+	 * Mock HTTP requests for remote actor fetching.
+	 *
+	 * @param mixed  $response The response to return.
+	 * @param array  $parsed_args The parsed arguments.
+	 * @param string $url The URL being requested.
+	 * @return mixed The mocked response or original response.
+	 */
+	public function mock_http_request( $response, $parsed_args, $url ) {
+		if ( 'https://example.com/users/testuser' === $url ) {
+			return array(
+				'response' => array( 'code' => 200 ),
+				'body'     => wp_json_encode(
+					array(
+						'id'                => 'https://example.com/users/testuser',
+						'type'              => 'Person',
+						'name'              => 'Test Actor',
+						'preferredUsername' => 'testuser',
+						'summary'           => 'A test actor',
+						'url'               => 'https://example.com/users/testuser',
+						'inbox'             => 'https://example.com/users/testuser/inbox',
+						'outbox'            => 'https://example.com/users/testuser/outbox',
+					)
+				),
+			);
+		}
+
+		if ( 'https://nonexistent.com/users/unknown' === $url ) {
+			return new \WP_Error( 'http_request_failed', 'Could not resolve host' );
+		}
+
+		return $response;
+	}
+
+	/**
+	 * Test adding an object to the collection.
+	 *
+	 * @covers ::add
+	 */
+	public function test_add() {
+		$activity = array(
+			'object' => array(
+				'id'           => 'https://example.com/objects/123',
+				'type'         => 'Note',
+				'name'         => 'Test Object',
+				'content'      => '<p>This is a test object content</p>',
+				'summary'      => 'Test summary',
+				'attributedTo' => 'https://example.com/users/testuser',
+				'published'    => '2023-01-01T12:00:00Z',
+			),
+		);
+
+		$result = Posts::add( $activity );
+
+		$this->assertInstanceOf( '\WP_Post', $result );
+		$this->assertEquals( 'Test Object', $result->post_title );
+		$this->assertEquals( Posts::POST_TYPE, $result->post_type );
+		$this->assertEquals( 'publish', $result->post_status );
+		$this->assertEquals( 'https://example.com/objects/123', $result->guid );
+	}
+
+	/**
+	 * Test updating an existing object.
+	 *
+	 * @covers ::update
+	 */
+	public function test_update() {
+		// First, create an object.
+		$activity = array(
+			'object' => array(
+				'id'           => 'https://example.com/objects/456',
+				'type'         => 'Note',
+				'name'         => 'Original Title',
+				'content'      => '<p>Original content</p>',
+				'attributedTo' => 'https://example.com/users/testuser',
+			),
+		);
+
+		$original_post = Posts::add( $activity );
+		$this->assertInstanceOf( '\WP_Post', $original_post );
+
+		// Now update it.
+		$update_activity = array(
+			'object' => array(
+				'id'      => 'https://example.com/objects/456',
+				'type'    => 'Note',
+				'name'    => 'Updated Title',
+				'content' => '<p>Updated content</p>',
+			),
+		);
+
+		$updated_post = Posts::update( $update_activity );
+
+		$this->assertInstanceOf( '\WP_Post', $updated_post );
+		$this->assertEquals( 'Updated Title', $updated_post->post_title );
+		$this->assertStringContainsString( 'Updated content', $updated_post->post_content );
+		$this->assertEquals( $original_post->ID, $updated_post->ID );
+	}
+
+	/**
+	 * Test updating a non-existent object.
+	 *
+	 * @covers ::update
+	 */
+	public function test_update_nonexistent() {
+		$activity = array(
+			'object' => array(
+				'id'      => 'https://example.com/objects/nonexistent',
+				'type'    => 'Note',
+				'name'    => 'Updated Title',
+				'content' => '<p>Updated content</p>',
+			),
+		);
+
+		$result = Posts::update( $activity );
+
+		$this->assertInstanceOf( '\WP_Error', $result );
+	}
+
+	/**
+	 * Test getting an object by GUID.
+	 *
+	 * @covers ::get_by_guid
+	 */
+	public function test_get_by_guid() {
+		// Create an object.
+		$activity = array(
+			'object' => array(
+				'id'           => 'https://example.com/objects/789',
+				'type'         => 'Note',
+				'name'         => 'Test Object',
+				'content'      => '<p>Test content</p>',
+				'attributedTo' => 'https://example.com/users/testuser',
+			),
+		);
+
+		$post = Posts::add( $activity );
+		$this->assertInstanceOf( '\WP_Post', $post );
+
+		// Test retrieval.
+		$retrieved_post = Posts::get_by_guid( 'https://example.com/objects/789' );
+
+		$this->assertInstanceOf( '\WP_Post', $retrieved_post );
+		$this->assertEquals( $post->ID, $retrieved_post->ID );
+		$this->assertEquals( 'Test Object', $retrieved_post->post_title );
+	}
+
+	/**
+	 * Test getting a non-existent object by GUID.
+	 *
+	 * @covers ::get_by_guid
+	 */
+	public function test_get_by_guid_nonexistent() {
+		$result = Posts::get_by_guid( 'https://example.com/objects/nonexistent' );
+
+		$this->assertInstanceOf( '\WP_Error', $result );
+	}
+
+	/**
+	 * Test activity to post conversion.
+	 *
+	 * @covers ::activity_to_post
+	 */
+	public function test_activity_to_post() {
+		$activity = array(
+			'id'        => 'https://example.com/objects/test',
+			'type'      => 'Note',
+			'name'      => 'Test Title',
+			'content'   => '<p>Test content with <strong>HTML</strong></p>',
+			'summary'   => 'Test summary',
+			'published' => '2023-01-01T12:00:00Z',
+		);
+
+		// Use reflection to access the private method.
+		$reflection = new \ReflectionClass( Posts::class );
+		$method     = $reflection->getMethod( 'activity_to_post' );
+		$method->setAccessible( true );
+
+		$result = $method->invoke( null, $activity );
+
+		$this->assertIsArray( $result );
+		$this->assertEquals( 'Test Title', $result['post_title'] );
+		$this->assertEquals( 'Test summary', $result['post_excerpt'] );
+		$this->assertEquals( Posts::POST_TYPE, $result['post_type'] );
+		$this->assertEquals( 'publish', $result['post_status'] );
+		$this->assertEquals( 'https://example.com/objects/test', $result['guid'] );
+		$this->assertStringContainsString( 'Test content', $result['post_content'] );
+	}
+
+	/**
+	 * Test activity to post conversion with invalid data.
+	 *
+	 * @covers ::activity_to_post
+	 */
+	public function test_activity_to_post_invalid() {
+		// Use reflection to access the private method.
+		$reflection = new \ReflectionClass( Posts::class );
+		$method     = $reflection->getMethod( 'activity_to_post' );
+		$method->setAccessible( true );
+
+		$result = $method->invoke( null, 'invalid_data' );
+
+		$this->assertInstanceOf( '\WP_Error', $result );
+	}
+
+	/**
+	 * Test activity to post conversion with minimal data.
+	 *
+	 * @covers ::activity_to_post
+	 */
+	public function test_activity_to_post_minimal() {
+		$activity = array(
+			'type' => 'Note',
+		);
+
+		// Use reflection to access the private method.
+		$reflection = new \ReflectionClass( Posts::class );
+		$method     = $reflection->getMethod( 'activity_to_post' );
+		$method->setAccessible( true );
+
+		$result = $method->invoke( null, $activity );
+
+		$this->assertIsArray( $result );
+		$this->assertEquals( '', $result['post_title'] );
+		$this->assertEquals( '', $result['post_content'] );
+		$this->assertEquals( '', $result['post_excerpt'] );
+		$this->assertEquals( Posts::POST_TYPE, $result['post_type'] );
+		$this->assertEquals( 'publish', $result['post_status'] );
+	}
+}
diff --git a/tests/phpunit/tests/includes/handler/class-test-create.php b/tests/phpunit/tests/includes/handler/class-test-create.php
index f25af22fa..f70c66cab 100644
--- a/tests/phpunit/tests/includes/handler/class-test-create.php
+++ b/tests/phpunit/tests/includes/handler/class-test-create.php
@@ -7,7 +7,9 @@
 
 namespace Activitypub\Tests\Handler;
 
+use Activitypub\Collection\Posts;
 use Activitypub\Handler\Create;
+use Activitypub\Post_Types;
 
 /**
  * Test class for Create Handler.
@@ -48,6 +50,12 @@ class Test_Create extends \WP_UnitTestCase {
 	 * Set up the test.
 	 */
 	public function set_up() {
+		parent::set_up();
+
+		// Register required post types.
+		Post_Types::register_remote_actors_post_type();
+		Post_Types::register_post_post_type();
+
 		$this->user_id  = 1;
 		$authordata     = \get_userdata( $this->user_id );
 		$this->user_url = $authordata->user_url;
@@ -283,4 +291,149 @@ public function test_handle_create_check_multiple_comments() {
 		$this->assertEquals( 'example2', $result[1]->comment_content );
 		$this->assertCount( 2, $result );
 	}
+
+	/**
+	 * Test handling create activity for objects with content sanitization.
+	 *
+	 * @covers ::handle_create
+	 * @covers ::create_post
+	 */
+	public function test_handle_create_object_with_sanitization() {
+		// Mock HTTP request for Remote_Actors::fetch_by_uri.
+		add_filter(
+			'pre_http_request',
+			function ( $response, $parsed_args, $url ) {
+				if ( 'https://example.com/users/testuser' === $url ) {
+					return array(
+						'response' => array( 'code' => 200 ),
+						'body'     => wp_json_encode(
+							array(
+								'id'                => 'https://example.com/users/testuser',
+								'type'              => 'Person',
+								'name'              => 'Test Actor',
+								'preferredUsername' => 'testuser',
+								'summary'           => 'A test actor',
+								'url'               => 'https://example.com/users/testuser',
+								'inbox'             => 'https://example.com/users/testuser/inbox',
+								'outbox'            => 'https://example.com/users/testuser/outbox',
+							)
+						),
+					);
+				}
+				return $response;
+			},
+			10,
+			3
+		);
+
+		$activity = array(
+			'id'     => 'https://example.com/activities/create_note_sanitize',
+			'type'   => 'Create',
+			'actor'  => 'https://example.com/users/testuser',
+			'to'     => array( 'https://www.w3.org/ns/activitystreams#Public' ),
+			'object' => array(
+				'id'           => 'https://example.com/objects/note_sanitize',
+				'type'         => 'Note',
+				'name'         => 'Test Note with <script>alert("xss")</script>',
+				'content'      => '<p>Safe content</p><script>alert("XSS")</script>',
+				'summary'      => 'A test note with malicious content',
+				'attributedTo' => 'https://example.com/users/testuser',
+				'published'    => '2023-01-01T12:00:00Z',
+				'to'           => array( 'https://www.w3.org/ns/activitystreams#Public' ),
+			),
+		);
+
+		Create::handle_create( $activity, $this->user_id );
+
+		// Verify the object was created with sanitized content.
+		$created_object = Posts::get_by_guid( 'https://example.com/objects/note_sanitize' );
+
+		$this->assertNotNull( $created_object );
+
+		// Content should be sanitized (no script tags).
+		$this->assertStringNotContainsString( 'script', $created_object->post_title );
+		$this->assertStringNotContainsString( 'script', $created_object->post_content );
+		$this->assertStringContainsString( 'Safe content', $created_object->post_content );
+
+		// Clean up filter.
+		remove_all_filters( 'pre_http_request' );
+	}
+
+	/**
+	 * Test handling private create activity.
+	 *
+	 * @covers ::handle_create
+	 */
+	public function test_handle_create_private_activity() {
+		$private_activity = array(
+			'type'   => 'Create',
+			'actor'  => 'https://example.com/users/testuser',
+			'object' => array(
+				'id'           => 'https://example.com/objects/private_note',
+				'type'         => 'Note',
+				'content'      => '<p>This is a private note</p>',
+				'attributedTo' => 'https://example.com/users/testuser',
+				'to'           => array( 'https://example.com/users/recipient' ), // Private message.
+			),
+		);
+
+		// Count objects before.
+		$objects_before = get_posts(
+			array(
+				'post_type'      => Posts::POST_TYPE,
+				'post_status'    => 'any',
+				'posts_per_page' => -1,
+			)
+		);
+
+		Create::handle_create( $private_activity, $this->user_id );
+
+		// Count objects after.
+		$objects_after = get_posts(
+			array(
+				'post_type'      => Posts::POST_TYPE,
+				'post_status'    => 'any',
+				'posts_per_page' => -1,
+			)
+		);
+
+		// Private activities should not create objects (or should be handled differently).
+		$this->assertEquals( count( $objects_before ), count( $objects_after ) );
+	}
+
+	/**
+	 * Test create activity with malformed object data.
+	 *
+	 * @covers ::handle_create
+	 */
+	public function test_handle_create_malformed_object() {
+		$malformed_activity = array(
+			'type'   => 'Create',
+			'actor'  => 'https://example.com/users/testuser',
+			'object' => 'not_an_array', // Invalid object format.
+		);
+
+		// Count objects before.
+		$objects_before = get_posts(
+			array(
+				'post_type'      => Posts::POST_TYPE,
+				'post_status'    => 'any',
+				'posts_per_page' => -1,
+			)
+		);
+
+		Create::handle_create( $malformed_activity, $this->user_id );
+
+		// Count objects after.
+		$objects_after = get_posts(
+			array(
+				'post_type'      => Posts::POST_TYPE,
+				'post_status'    => 'any',
+				'posts_per_page' => -1,
+			)
+		);
+
+		// Should not create objects with malformed data.
+		$this->assertEquals( count( $objects_before ), count( $objects_after ) );
+	}
 }