How can I use reCAPTCHA v2 on a large number of domains?

Question

The previous version of reCAPTCHA provided the option to make a global key which would work on any domain. Now, in version 2, that option is gone, and the reCAPTCHA site cla

Answer 1

It is possible to implement reCAPTCHA Version 2.0 without verifying each domain: https://developers.google.com/recaptcha/docs/domain_validation

To do so, visit the admin console and click the API key in question under "Your reCAPTCHA Sites". Then under "Advanced Settings", uncheck "Verify the origin of reCAPTCHA solutions".

---

Security Warning

Per Google, doing this creates a security risk that then requires you to check the hostname yourself.

Turning off this protection by itself poses a large security risk - your key could be taken and used by anyone, as there are no restrictions as to the site it's on. For this reason, when verifying a solution, you are required to check the hostname field and reject any solutions that are coming from unexpected sources.

---

Related Link: ^{_{(from "Stack Exchange Information Security")}}
- Why bother validating the hostname for a Google Recaptcha response?