current_user_can() always returns true if user is super admin
The documentation unfortunately not very clear on what “explicitly deny” actually entails. While setting a capability to false will normally explicitly deny the capability, that check is performed after super admins have been waved through. So even though the documentation says “unless explicitly denied”, denying it this way doesn’t work for super admins. Only the … Read more