Secure compromised account
If you observe suspicious activity within your Cloudflare account, secure your account with these steps.
Step 1 - Change your password
For more guidance on changing your password, refer to Change email address or password.
Step 2 - Revoke active account sessions
When there is more than one active session associated with your email account, you can revoke any session that is not the current session.
To revoke a session:
- Log in to the Cloudflare dashboard.
- Go to My Profile > Sessions.
- On a specific section, click Revoke.
- You will be prompted to enter your password before revoking the session.
Step 3 - Enable Two-Factor Authentication (2FA)
To prevent future compromises, make sure that you have Two-Factor Authentication (2FA) enabled on your account.
Step 4 - Change API keys and tokens
API keys
If your API key might be compromised, change your API key:
- Log in to the Cloudflare dashboard and go to My Profile > API Tokens.
- In the API Keys section, find your key.
- Select Change.
API tokens
If your token is lost or compromised, you can either create a new token or roll your token to generate a new secret. Rolling your API token into a new one will invalidate the previous token, but the access and permissions will be the same as the previous API token.
To roll your API token:
- Log in to the Cloudflare dashboard and go to My Profile > API Tokens.
- Next to the API token you want to roll, select the three dot icon > Roll.
- Select Confirm to generate a new API token.
Step 5 - Review the audit log
To access audit logs in the Cloudflare dashboard:
- Log in to the Cloudflare dashboard and select your account.
- Go to Manage Account > Audit Log.
If you notice any settings were changed, you should undo those changes.