Not planned Add reCaptcha keys to configuration


Active member
To change the keys, you must edit library/XenForo/Captcha/ReCaptcha.php directly. It'd be nice if this could be changed in the admin settings instead, so it won't get overwritten with updates or marked as an invalid file.

Doing so prevents a known attack with reCaptcha caused by using global keys where an attacker can host the captcha on their site and use the entered captcha for evil things instead of confirming it. This isn't much of a serious threat compared to paid workers entering captchas.
Upvote 0