• How do you disable CAPTCHA on pages?
• Site Administration pages like the Gogo Shell now have a CAPTCHA verification.
• How do you disable CAPTCHA on pages? Adding “-1” (Never Check), doesn’t work.
• Previously, CAPTCHA could be “disabled” by navigating to Control Panel → Configuration → System Settings → Security Tools → CAPTCHA. Then setting the maximum challenges to “-1” (never check).

• Liferay DXP 2024.Q1.7+

To further strengthen security and prevent unauthorized access to administrative controls, Liferay has made CAPTCHA verification mandatory for all omni-admin actions. Therefore, as of 2024.Q1.7, this is expected behavior, see Configuring CAPTCHA.

This additional layer of protection provides sufficient Cross-Site Request Forgery attack protection for omni-admin actions.

In case you still want to disable captchas for these pages:

• Add captcha.enforce.disabled=true to your portal-ext.properties file.
• After that, navigate to Control Panel -> System Settings -> Security Tools -> Captcha and set the Maximum Challenges field's value to -1 in order to disable Captcha Validation.

You should only do this for testing with Continuous Integration (CI).

Breaking Changes:

• Due to this security enhancement, the previously available option to disable CAPTCHA verification using the "-1" (Never Check) value is not applicable to administrative actions. 
• If a CAPTCHA engine is not selected within your Liferay DXP configuration (i.e. the option is left on “Choose an Option”), Server Admin Pages will become inaccessible and display a "Temporarily Unavailable" message.

• Configuring CAPTCHA
• LPD-25539: Admin needs to be informed that the Captcha cannot be disabled on admin functions