For now while it is not officially implemented, you can change it yourself if you want and you are on self-hosted vB5 version. There are only 2 instances of www.google.com/recaptcha, one in PHP (/includes/class_humanverify_recaptcha.php) and another one in template (humanverify_recaptcha2). Of course, for PHP edits, you'll have to re-apply it every time you upgrade. and for template edits, it may cause conflicts during upgrade that you have to resolve. But these are simple changes to make.

Note that these kinds of modifications are not supported by vBulletin. Do it at your own risk.

I don't understand what the difference between reCaptcha and hCaptcha would be except a company change. Personally, I would assume that both are being used to build machine learning datasets. Captcha's are just the first line of defense and any protections have been eroded for over a decade.

Captcha isn't something that the vBulletin software has relied on heavily for many years.

vBulletin 5 has 2FA (or Multifactor Authentication) built in as a default feature. Though currently it usage is restricted to Admin and Moderator accounts. This can be set up to be voluntary or forced. There have been requests to extend this to all users.

In vBulletin 4, we allowed Administrators to ban specific email addresses from registering on their site. The system also allowed Admins to filter content via Akismet. For registration, you could also verify emails and moderate new registrations for access. These were kind of a first step in anti-spam techniques.

In vBulletin 5, spam management has been expanded. For registrations, users can enable StopForumSpam to check on username and/or email address. It can also report rejected registrations back to this service. For content, customers can use keyword filtering, be alerted when specific keywords are used, limit links in a post, and a few other techniques to manage this.

As for hijacking accounts, vBulletin 5 has password restrictions such as length, types of characters, and expiration amounts. Administrators can even provide a list of words that cannot be used in passwords. The strikes system will slow people/bots down as well. 5 incorrect logins will lock an IP for 15 minutes. Finally, in addition to this, vBulletin 5 does not use the MD5 hashing format that was used in vBulletin 4. The default password hash will be Argon2ID if PHP is configured with this algorithm. If Argon2ID is not available, then it will use PHP's Blowfish/Bcrypt implementation. Both of these are time based hashing methodologies that use random salts. vBulletin is configured to waste about half a second hashing every password. The password system is also extendable. Cookie's on the end user device are marked HTTP Only so they aren't accessible via Javascript and you can configure PHP to create secure cookies. Plus it is recommended to run vBulletin under HTTPS. All of this is to prevent a user's information from falling into the wrong hands.

Well I know is suggestion is old and mentioned before, but I wasn't sure if you guys had thought about hCAPTCHA? Besides the rise of AI software, the major flaw with AI is how it can be used in the wrong hands to be used for spam posts by trying to sneak and pass the human verification tests. Also, I had to add a 3rd Party 2FA from DragonByte Tech for vBulletin 4.2.5, but had some teething problems until I've fixed some deprecation errors.

Because most communities and tech companies recommend on having 2FA as social networks, Discord, YouTube and more had encountered over millions of accounts compromised by hijack bots and some of them are hard to tackle...

Anyway...I don't know if Google reCAPTCHA should be recommended for human verifications as Google hasn't done much effort to make sure spambots or hijack bots post alienating threads in vB or try to steal customers' accounts.

Thank you for the suggestion. We need suggestions like this to further our product. In the future please post your suggestions in our community site at the link below. When posted there it will be reviewed by our developers for a future release.