Cloudflare Docs
Fundamentals
Visit Cloudflare Fundamentals on GitHub
Set theme to dark (⇧+D)

Secure compromised account

If you observe suspicious activity within your Cloudflare account, secure your account with these steps.

Step 1 - Change your password

For more guidance on changing your password, refer to Change email address or password.

Step 2 - Revoke active account sessions

When there is more than one active session associated with your email account, you can revoke any session that is not the current session.

To revoke a session:

  1. Log in to the Cloudflare dashboard.
  2. Go to My Profile > Sessions.
  3. On a specific section, click Revoke.
  4. You will be prompted to enter your password before revoking the session.

Step 3 - Enable Two-Factor Authentication (2FA)

To prevent future compromises, make sure that you have Two-Factor Authentication (2FA) enabled on your account.

Step 4 - Change API keys and tokens

API keys

If you believe your API key might be compromised, you should change your API key:

  1. Log in to the Cloudflare dashboard.
  2. Go to Profile.
  3. Go to API Tokens.
  4. In the API Keys section, find your key.
  5. Click Change.

API tokens

If your token is lost or believed to be compromised, you can either create a new token or your token can be rolled to generate a new secret. Rolling your API token into a new one will invalidate the previous token, but the access and permissions will be the same as the previous API token.

To roll your API token:

  1. Log in to your Cloudflare account and go to User Profile > API Tokens.
  2. Next to the API token you wish to roll, click the three dot iconRoll.
  3. Then, click Confirm to continue and you will see a new API token.

Step 5 - Review the audit log

To access audit logs in the Cloudflare dashboard:

  1. Log in to the Cloudflare dashboard and select your account.
  2. Go to Manage Account > Audit Log.

If you notice any settings were changed, you should undo those changes.