Secure compromised account
If you observe suspicious activity within your Cloudflare account, secure your account with these steps.
Step 1 - Change your password
For more guidance on changing your password, refer to Change email address or password.
Step 2 - Revoke active account sessions
When there is more than one active session associated with your email account, you can revoke any session that is not the current session.
To revoke a session:
- Log in to the Cloudflare dashboard.
- Go to My Profile > Sessions.
- On a specific section, click Revoke.
- You will be prompted to enter your password before revoking the session.
Step 3 - Enable Two-Factor Authentication (2FA)
To prevent future compromises, make sure that you have Two-Factor Authentication (2FA) enabled on your account.
Step 4 - Change API keys and tokens
API keys
If you believe your API key might be compromised, you should change your API key:
- Log in to the Cloudflare dashboard.
- Go to Profile.
- Go to API Tokens.
- In the API Keys section, find your key.
- Click Change.
API tokens
If your token is lost or believed to be compromised, you can either create a new token or your token can be rolled to generate a new secret. Rolling your API token into a new one will invalidate the previous token, but the access and permissions will be the same as the previous API token.
To roll your API token:
- Log in to your Cloudflare account and go to User Profile > API Tokens.
- Next to the API token you wish to roll, click the three dot icon > Roll.
- Then, click Confirm to continue and you will see a new API token.
Step 5 - Review the audit log
To access audit logs in the Cloudflare dashboard:
- Log in to the Cloudflare dashboard and select your account.
- Go to Manage Account > Audit Log.
If you notice any settings were changed, you should undo those changes.