Even though a given user might have the capability to perform the action you’re checking, they might not have initiated it. Nonces are WordPress’ way of verifying the user actually initiated the action.
To keep sneaky evildoers from making changes to your WordPress site, it’s important to check that a given user has permission to make the change they want to make.
Any time you’re using potentially unsafe data, it never hurts to validate and sanitize it. Validating is confirming the data is what you expect it to be. Sanitization is a more liberal approach to cleaning your data.
Whenever you’re rendering data from the database, you’ll want to make sure it’s properly escaped. Escaping helps prevent issues like cross-site scripting.
Add a require statement to one of WP-CLI’s supported configuration files.
When using an RSS feed to deliver content to an email newsletter, you can ensure inline images are restricted to a specific width with a little bit of regex.
A helpful checklist you can follow when releasing a WordPress.org.
A short overview of how to sign your request for authentication.
WordPress’ non-persistent groups let you exclude groups of data from Redis or Memcached.
Temporarily modify the $user_login global to contain the email address.