diff --git a/includes/class-signature.php b/includes/class-signature.php
index e66aa4b..d021cf0 100644
--- a/includes/class-signature.php
+++ b/includes/class-signature.php
@@ -4,6 +4,7 @@ namespace Activitypub;
 use WP_Error;
 use DateTime;
 use DateTimeZone;
+use WP_REST_Request;
 use Activitypub\Collection\Users;
 /**
@@ -226,7 +227,7 @@ class Signature {
 /**
 * Verifies the http signatures
 *
- * @param WP_REQUEST|array $request The request object or $_SERVER array.
+ * @param WP_REST_Request|array $request The request object or $_SERVER array.
 *
 * @return mixed A boolean or WP_Error.
 */
@@ -323,17 +324,25 @@ class Signature {
 *
 * @param string $key_id The URL to the public key.
 *
- * @return WP_Error|string The public key.
+ * @return WP_Error|string The public key or WP_Error.
 */
 public static function get_remote_key( $key_id ) { // phpcs:ignore
 $actor = get_remote_metadata_by_actor( strip_fragment_from_url( $key_id ) ); // phpcs:ignore
 if ( \is_wp_error( $actor ) ) {
- return new WP_Error( 'activitypub_no_remote_profile_found', __( 'No Profile found or Profile not accessible', 'activitypub' ), array( 'status' => 401 ) );
+ return new WP_Error(
+ 'activitypub_no_remote_profile_found',
+ __( 'No Profile found or Profile not accessible', 'activitypub' ),
+ array( 'status' => 401 )
+ );
 }
 if ( isset( $actor['publicKey']['publicKeyPem'] ) ) {
 return \rtrim( $actor['publicKey']['publicKeyPem'] ); // phpcs:ignore
 }
- return new WP_Error( 'activitypub_no_remote_key_found', __( 'No Public-Key found', 'activitypub' ), array( 'status' => 401 ) );
+ return new WP_Error(
+ 'activitypub_no_remote_key_found',
+ __( 'No Public-Key found', 'activitypub' ),
+ array( 'status' => 401 )
+ );
 }
 /**
diff --git a/includes/functions.php b/includes/functions.php
index 99b433f..b2972c0 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -42,7 +42,7 @@ function get_webfinger_resource( $user_id ) {
 * @param string $actor The Actor URL.
 * @param bool $cached If the result should be cached.
 *
- * @return array The Actor profile as array
+ * @return array|WP_Error The Actor profile as array or WP_Error on failure.
 */
 function get_remote_metadata_by_actor( $actor, $cached = true ) {
 $pre = apply_filters( 'pre_get_remote_metadata_by_actor', false, $actor );
diff --git a/includes/rest/class-inbox.php b/includes/rest/class-inbox.php
index 747290e..9088993 100644
--- a/includes/rest/class-inbox.php
+++ b/includes/rest/class-inbox.php
@@ -160,7 +160,7 @@ class Inbox {
 'rest_invalid_param',
 \__( 'No recipients found', 'activitypub' ),
 array(
- 'status' => 404,
+ 'status' => 400,
 'params' => array(
 'to' => \__( 'Please check/validate "to" field', 'activitypub' ),
 'bto' => \__( 'Please check/validate "bto" field', 'activitypub' ),
diff --git a/includes/rest/class-server.php b/includes/rest/class-server.php
index 8239168..0e6e4cc 100644
--- a/includes/rest/class-server.php
+++ b/includes/rest/class-server.php
@@ -2,6 +2,7 @@
 namespace Activitypub\Rest;
 use stdClass;
+use WP_Error;
 use WP_REST_Response;
 use Activitypub\Signature;
 use Activitypub\Model\Application_User;
@@ -92,13 +93,13 @@ class Server {
 if ( 'GET' !== $request->get_method() ) {
 $verified_request = Signature::verify_http_signature( $request );
 if ( \is_wp_error( $verified_request ) ) {
- return $verified_request;
+ return new WP_Error( 'activitypub_signature_verification', $verified_request->get_error_message(), array( 'status' => 401 ) );
 }
 } elseif ( 'GET' === $request->get_method() ) { // GET-Requests are only signed in secure mode
 if ( ACTIVITYPUB_AUTHORIZED_FETCH ) {
 $verified_request = Signature::verify_http_signature( $request );
 if ( \is_wp_error( $verified_request ) ) {
- return $verified_request;
+ return new WP_Error( 'activitypub_signature_verification', $verified_request->get_error_message(), array( 'status' => 401 ) );
 }
 }
 }
 }
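Review bot: Both new `return new WP_Error( 'activitypub_signature_verification', ... )` lines in the `@@ -92,13 +93,13 @@` hunk are reached only when `verify_http_signature()` returns a WP_Error, yet its docblock in class-signature.php says it returns "A boolean or WP_Error", so a plain `false` would fall through as if the signature had verified. That function's body is not visible in this diff, so this may never happen in practice, but the guard is safer written fail-closed, e.g. `if ( true !== $verified_request ) {`, taking the message from the result only when `\is_wp_error( $verified_request )` holds and using a fixed message otherwise. The wrapper also discards the original error code (for instance `activitypub_no_remote_key_found`), which could be carried in the data array so logs can still tell the failure causes apart. The enclosing method starts and ends outside the hunk.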