Secure compromised account
If you observe suspicious activity within your Cloudflare account, secure your account with these steps.
Step 1 - Change your password
For more guidance on changing your password, refer to Change email address or password.
Step 2 - Revoke active account sessions
When there is more than one active session associated with your email account, you can revoke any session that is not the current session.
To revoke a session:
- Log in to the Cloudflare dashboard.
- Go to My Profile > Sessions.
- On a specific section, click Revoke.
- You will be prompted to enter your password before revoking the session.
Step 3 - Enable Two-Factor Authentication (2FA)
To prevent future compromises, make sure that you have Two-Factor Authentication (2FA) enabled on your account.
Step 4 - Change API keys and tokens
API keys
If your API key might be compromised, change your API key:
- Log in to the Cloudflare dashboard and go to My Profile > API Tokens.
- In the API Keys section, find your key.
- Select Change.
API tokens
If your token is lost or compromised, you can either create a new token or roll your token to generate a new secret. Rolling your API token into a new one will invalidate the previous token, but the access and permissions will be the same as the previous API token.
To roll your API token:
- Log in to the Cloudflare dashboard and go to My Profile > API Tokens.
- Next to the API token you want to roll, select the three dot icon > Roll.
- Select Confirm to generate a new API token.
Step 5 - Review the audit log
To access audit logs in the Cloudflare dashboard:
- Log in to the Cloudflare dashboard and select your account.
- Go to Manage Account > Audit Log.
You can search these audit logs by user email or domain and filter by date range. To download audit logs, click Download CSV.
If you notice any settings were changed, you should undo those changes.