SiteGround asking for Cloudflare password?

I have been using Cloudflare for 6 years and I just signed up for SiteGround today and I see I can connect it to Cloudflare, but why do they ask for my Cloudflare password? Why doesn’t it use API tokens like wrangler? Is it safe to give SiteGround my Cloudflare password?

Absolutely not. You should also use 2FA here, which makes asking for a password pointless.

We don’t know, but you should certainly have a conversation with Siteground about this.

i just made a separate account for it and now i’m getting emails from cloudflare that say they are partnered with siteground… i thought cloudflare cared about security, so i would not expect them to partner with someone who asks for your cloudflare password…

this is what siteground support said:

When you are activating CloudFlare through Site Tools, and wish to connect an existing account, we would need to do it with the email + password. But I can assure you that the information provided would be secured.

Wow. This actually surprises me.

They should just use the API token for the integration instead.

1 Like

That assurance is literally worthless. They clearly need to have that in plain text in order to enter it at Cloudflare. Definitely not secure.

@sdayman can i ask you to edit your post so it doesn’t look like i’m providing the assurance?

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.