Secure compromised account

If you observe suspicious activity within your Cloudflare account, secure your account with these steps.

Step 1 - Change your password

For more guidance on changing your password, refer to Change email address or password.

Step 2 - Revoke active account sessions

When there is more than one active session associated with your email account, you can revoke any session that is not the current session.

To revoke a session:

  1. Log in to the Cloudflare dashboard.
  2. Go to My Profile > Sessions.
  3. On a specific session, click Revoke.
  4. You will be prompted to enter your password before revoking the session.

Step 3 - Enable Two-Factor Authentication (2FA)

To prevent future compromises, make sure that you have Two-Factor Authentication (2FA) enabled on your account.

Step 4 - Change API keys and tokens

API keys

If you believe your API key might be compromised, you should change your API key:

  1. Log in to the Cloudflare dashboard.
  2. Go to Profile.
  3. Go to API Tokens.
  4. In the API Keys section, find your key.
  5. Click Change.

API tokens

If your token is lost or believed to be compromised, you can either create a new token or roll the existing token to generate a new secret. Rolling an API token invalidates the previous token, but the new token keeps the same access and permissions as the previous one.

To roll your API token:

  1. Log in to your Cloudflare account and go to User Profile > API Tokens.
  2. Next to the API token you wish to roll, click the three dot icon > Roll.
  3. Then, click Confirm to continue and you will see a new API token.

Step 5 - Review the audit log

To access audit logs in the Cloudflare dashboard:

  1. Log in to the Cloudflare dashboard and select your account.
  2. Go to Manage Account > Audit Log.

If you notice any settings were changed, you should undo those changes.
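
An added example, not part of Cloudflare's documentation: a Python triage pass over exported audit log entries. It lists actions taken from unrecognized IP addresses since the suspected compromise, and the value changes among them that need undoing. The records, the action type strings and the `triage` and `changes_to_undo` helpers are constructed for illustration, and the field names are assumed to match the JSON returned by the audit log API.

```python
import json
from datetime import datetime

# Constructed sample export. Field names are assumed to match the JSON that
# Cloudflare's audit log API returns; every value below is made up.
SAMPLE = json.loads("""[
 {"when": "2024-05-01T09:12:00Z", "action": {"type": "login", "result": true},
  "actor": {"email": "admin@example.com", "ip": "198.51.100.10"},
  "resource": {"type": "account"}},
 {"when": "2024-05-02T03:41:00Z", "action": {"type": "login", "result": true},
  "actor": {"email": "admin@example.com", "ip": "203.0.113.77"},
  "resource": {"type": "account"}},
 {"when": "2024-05-02T03:44:00Z", "action": {"type": "token_create", "result": true},
  "actor": {"email": "admin@example.com", "ip": "203.0.113.77"},
  "resource": {"type": "api_token"}},
 {"when": "2024-05-02T03:50:00Z", "action": {"type": "change_setting", "result": true},
  "actor": {"email": "admin@example.com", "ip": "203.0.113.77"},
  "resource": {"type": "zone"}, "oldValue": "strict", "newValue": "off"},
 {"when": "2024-05-02T08:05:00Z", "action": {"type": "change_setting", "result": true},
  "actor": {"email": "admin@example.com", "ip": "198.51.100.10"},
  "resource": {"type": "zone"}, "oldValue": "off", "newValue": "strict"}
]""")

def parse_when(stamp):
    # fromisoformat() on older Pythons rejects a trailing "Z"
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))

def triage(entries, trusted_ips, since):
    """Entries at or after `since` whose actor IP is not in `trusted_ips`, oldest first."""
    hits = []
    for e in entries:
        ip = e.get("actor", {}).get("ip", "")
        if parse_when(e["when"]) >= since and ip not in trusted_ips:
            hits.append(e)
    return sorted(hits, key=lambda e: parse_when(e["when"]))

def changes_to_undo(hits):
    """Flagged entries that record a value change, as (when, resource, old, new)."""
    return [(e["when"], e["resource"]["type"], e["oldValue"], e["newValue"])
            for e in hits if "oldValue" in e and "newValue" in e]

if __name__ == "__main__":
    flagged = triage(SAMPLE, {"198.51.100.10"}, parse_when("2024-05-02T00:00:00Z"))
    for e in flagged:
        print(e["when"], e["actor"]["ip"], e["action"]["type"])
    print("revert:", changes_to_undo(flagged))
```

An API token created from an unrecognized address, as in the third sample record, should be deleted rather than rolled, since rolling keeps its access and permissions.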