Yes, the default cookie authentication requires the user to be logged in in order to work. To accommodate random visitors, you could log in for them “behind the scene” using a generic user account. It’s probably better to use one of the authentication plugins. Go with which ever one best meets your needs.
I’ve no experience with any of these plugins. The oAuth concept in general works very nicely, but correctly setting it up can be challenging. I don’t know if the REST oAuth plugin helps any with this or not. JSON tokens sounds appealing, I’d be inclined to give it a try first.
Hey thanks bcworkz!
thanks for the suggestion! will definitely try login user from behind the scene without plugin for now, before dig deeper with oAuth or JSON token 🙂
Just to add for anyone stumble upon this question:
I just found out there are a function for users to submit ajax without privilege (non log-in user). Instead of going through the whole trouble of login for random strangers, the function below make more sense :p
wp_ajax_nopriv_[action_name]
reference: https://codex.wordpress.org/Plugin_API/Action_Reference/wp_ajax_nopriv_(action)
