Action Required: CAPTCHA changes

For many years, XenForo has used reCAPTCHA as its default CAPTCHA provider to help mitigate spam and bot actions without requiring our customers to go through additional configuration. However, we have recently been informed that restrictions may be placed on the reCAPTCHA key included in XenForo. This may lead to CAPTCHAs not being enforced or failing to validate.

If you have not changed the default CAPTCHA method, we urge you to take one of the actions below to avoid disruption.

Best solution:

Upgrade to XenForo 2.2.5

Alongside this announcement, we have released XenForo 2.2.5, which changes the default CAPTCHA provider to hCaptcha. hCaptcha is used by many companies all across the internet, including Cloudflare. We have contacted hCaptcha regarding our situation and they are excited to be the default CAPTCHA provider for XenForo and its customers.


Once you've upgraded to XenForo 2.2.5 (or any subsequent release), there are no other actions you need to take to resolve this issue.

Learn more about XenForo 2.2.5.

Alternative solution:

Change to a different CAPTCHA provider

(Note: this is only required if you are using the default reCAPTCHA configuration included in XenForo. If you have supplied your own reCAPTCHA keys or are already using a different CAPTCHA provider, there is no action for you to take.)

If upgrading XenForo is not an option, you can also avoid disruption by choosing a different CAPTCHA provider in the XenForo control panel. To change this:
  1. Log into your XenForo control panel. In the left column, expand Setup and click Options.
  2. In the option group list, click Basic options.
  3. If you are running XenForo 2.2, the CAPTCHA option may be hidden by default. Scroll to the bottom of the page. If you see "...advanced option(s) have been hidden", click Show them.
  4. Look for the Enable CAPTCHA for guests option.
Here, you may choose a CAPTCHA provider that suits your needs. You may need to obtain site-specific keys from the provider you choose.

If you wish to continue using reCAPTCHA, you must register your site directly with them. To do this:
  1. Go to and click v3 Admin Console. If you do not have any sites registered with them yet, this will take you directly to a form to register a new site.
  2. Select reCAPTCHA v2 as the type and choose either "I'm not a robot" Checkbox or Invisible reCAPTCHA badge depending on your preferences.
  3. Complete the rest of the form as necessary and you will be provided with a site key and a secret key.
  4. Enter these into the CAPTCHA option in the XenForo control panel. If you selected the invisible option when setting up your key, ensure that the "use invisible reCAPTCHA" setting is selected in the XenForo control panel.
  5. Save the options.
And you're finished. If you'd like to confirm that the CAPTCHA is working as expected, you can visit your site in an incognito/private browsing window and attempt to register a new user or use the default contact form.

If you have any questions or problems changing your CAPTCHA provider, please post in the support forums or submit a ticket from the customer account area.