Cloudflare Exposed Credentials Check

Reading the Cloudflare Cyber Attack Readiness guide it recommends enabling the “exposed credential checks ruleset”.

Having hunted within a couple of domains dashboards, including those created in the last 6 months, I can’t find this options and none of the documentation seems to show what sub-heading this can be found under within the Firewall dashboard.

Hoping someone here can advise


Are you currently using the new WAF UI?

If yes, the Exposed/Leak Credentials Check setting should be just below it:

1 Like


Please see below screenshot. Is this the old WAF, the domain in question was only created on Cloudflare around a month ago so I’d have expected it to be the latest version and if not is there an upgrade option somewhere?

It looks like Cloudflare randomly gives the new WAF to a subset of people.

What if you contact Cloudflare Support and see whether they can manually upgrade to new WAF with Leaked Credentials Check?


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.