Protecting your plugin functionality with specific capability checks using the Capabilities API should be a best practice, but it is still one of the most underused parts of WordPress core. Using the API allows for granular access management by developers using the plugin, and may even prevent security holes. This session explains how to use the API by looking at examples and diving in deeper from there, both from the view of a plugin developer as well as of an external developer who needs to tweak a third-party plugin.
As another practical example, some of the upcoming improvements to capabilities in WordPress core itself are revealed, so that you are aware of what’s on the horizon.