Moodle-based e-learning company Pukunui is offering warning and advice for Moodle site administrators or job roles involving data security.
Moodle has already enabled reCAPTCHA v2 for authentication, but the update from v1 is not automatic. Site administrators must disable reCAPTCHA, then re-enable it so it updates to v2. The new widget keeps the previous credentials, which means developers do not have to apply for new authentication tokens.
Sites that continue using reCAPTCHA v1 after March might face unidentified vulnerabilities without the support of Google or Moodle HQ. They might also face downtime, which risks keeping your users from logging in.
To activate reCAPTCHA on your Moodle site, you need to enable “Emails based-self registration”. Read more about it in the Moodle Docs.