Cloudflare Account After Death: DNS and Domain Access Planning
A Cloudflare account can look like a technical detail until the person who controls it is no longer available.
For many websites, Cloudflare is not just a dashboard. It may control DNS records, domain registration, firewall rules, SSL settings, email routing, Pages projects, Workers, API tokens, analytics, billing, and security notifications. If the only person with meaningful access dies, becomes incapacitated, or loses the recovery email, a family or executor may discover that the website still exists but the controls for keeping it alive are locked away.
That is why a Cloudflare account after death belongs in a digital estate plan. The goal is not to weaken security or give everyone broad access. The goal is to keep domains, websites, and related services stable long enough for the right person to make informed decisions.
Why Cloudflare needs special planning
Cloudflare's own account and domain management best-practices page names death as one of the reasons access to an account or domain can be lost. Its prevention list is blunt and useful: decentralize access, maintain control of the domain name, keep billing information current, follow good password practices, and save 2FA backup keys.
Those are not abstract recommendations. DNS and domain control are foundational. If the Cloudflare account controls the nameservers for a domain, changing the wrong record can break the website. Deleting the wrong zone can disrupt traffic. Losing registrar access can make renewals, ownership changes, or transfers much harder. Missing a billing or verification email can quietly become a service problem.
For a personal blog, that might mean family photos or writing disappear from the public web. For a business, it can mean broken email, checkout failures, customer confusion, and lost revenue. For an open source project, it can mean documentation, package links, and community infrastructure fall into limbo.
Start with a Cloudflare inventory
The first planning step is a plain inventory. You do not need to expose secrets in the inventory, but you do need enough context for a trusted person to understand what the account controls.
Document each domain or zone, the registrar of record, whether the domain is registered through Cloudflare Registrar, the account email, the people who are members of the Cloudflare account, and the products used for each site. Include DNS, SSL/TLS settings, Workers, Pages, Zero Trust, R2, Turnstile, Email Routing, custom rules, API tokens, and paid plans if they matter.
Also document dependencies. If the domain receives email through Google Workspace, Microsoft 365, Proton Mail, or another provider, note which MX records matter. If the site deploys from GitHub, Vercel, Netlify, or a self-hosted server, write that down. Executors and relatives often do not know which service is the front door and which service is the actual host.
Add the right account members before an emergency
The strongest continuity move is to avoid a single point of human failure.
Cloudflare lets account owners invite account members and assign scoped roles. Managing members requires Super Administrator access and a verified email address. For a business, nonprofit, publication, or serious creator project, at least two trusted people should understand who has Cloudflare access and what each role is allowed to do.
That does not mean every helper needs full control. A technical cofounder, operations lead, spouse, attorney, or managed service provider may need different access. Use the narrowest role that still lets the person protect continuity. Then record the role in the estate or business continuity notes so an executor knows whom to contact first.
For solo website owners, this can feel uncomfortable. But the choice is not between total secrecy and careless sharing. A better middle path is to name a trusted person, add role-based access where appropriate, and keep a sealed recovery plan for emergencies.
Protect 2FA without creating a new risk
Cloudflare's best-practices guidance specifically says to save 2FA backup keys. That matters because two-factor authentication is often what stops both attackers and legitimate survivors.
Do not leave backup codes sitting in an ordinary shared document. Store them in a password manager emergency process, a sealed estate packet, a safe, or another controlled location that your executor can reach only when appropriate. The instructions should say where the recovery materials are, who may use them, and what they are allowed to do first.
If hardware security keys are used, document where they are stored and whether a backup key exists. If the Cloudflare account depends on a particular email inbox or phone number, make sure that inbox or number is also part of the estate plan. Account recovery fails quickly when every recovery path depends on another inaccessible account.
Keep domains and billing from drifting
Domain names are easy to forget until something expires.
If a domain is registered through Cloudflare Registrar, review expiration dates, auto-renew status, registrant details, and the payment method. Cloudflare's Registrar documentation warns that deleting a domain registration can ultimately make the domain available for someone else to buy. That is exactly the kind of irreversible mistake a family should avoid while still learning what the account does.
If a domain is only using Cloudflare for DNS but is registered somewhere else, document that registrar too. The executor may need both the registrar account and Cloudflare account to preserve or transfer the site. A domain move, nameserver change, or registrar transfer can affect DNS, email, certificates, and security settings, so it should be done deliberately.
Billing deserves the same attention. A card cancellation after death can cause failed payments. A failed payment can interrupt paid features or create urgent notices. For business-critical sites, send billing and operational notifications to more than one responsible person where the plan allows it.
Know what transfer may require
Families often imagine that ownership transfer is a single button. Sometimes it is not.
Cloudflare says moving a domain between accounts can be needed when a user loses access to the original email or Cloudflare account. It also warns that domains registered with Cloudflare Registrar require a separate manual request. Cloudflare Registrar documentation says inter-account moves require confirmation by both the source and target accounts, and that the target account becomes responsible for renewals.
After death, those requirements can be hard if only the deceased person controlled the source account. That is why planning before death matters more than hoping support can solve everything later.
Your instructions should identify whether the intended outcome is to keep the account operating, transfer a domain, move a website into a business account, archive the site, or close services after records are preserved. Each path has different risks.
Write a first-action plan for the executor
A good Cloudflare estate note should include a short "do this first" section.
Start with preservation. Keep domains renewed. Do not delete zones. Do not change nameservers without technical review. Do not cancel payment methods until billing is understood. Do not rotate API tokens unless there is a security reason. Do not transfer a domain until email, hosting, DNS, and security dependencies are mapped.
Then identify the first people to contact: the technical executor, web host, developer, business partner, attorney, or managed service provider. Include the location of legal documents and secure recovery materials. If a support request may be needed, note what documents the executor is likely to have, such as a death certificate, letters testamentary, business authorization, or proof of domain ownership.
Finally, state the desired outcome for each site. A family blog might be preserved. A business site might be transferred to a company-controlled account. A test project might be shut down. A domain with sentimental value might be renewed even if the site is archived.
The practical checklist
Use this checklist while the account owner is alive:
- List every Cloudflare account, domain, zone, and product.
- Confirm which domains are registered with Cloudflare Registrar and which are only using Cloudflare DNS.
- Add appropriate account members for business-critical or family-critical sites.
- Store 2FA backup codes and hardware key instructions securely.
- Keep recovery email, phone, billing, and notification recipients current.
- Record the registrar, host, repository, email provider, and payment dependencies for each domain.
- Write outcome instructions: preserve, transfer, renew, archive, or close.
- Review the plan after major account, domain, business, relationship, or device changes.
The best Cloudflare plan is boring in the best possible way. The right people know who can act, the domain renews, the DNS records are not disturbed, and the family has time to make careful decisions.
For broader website succession planning, see /en/blog/website-ownership-transfer-after-death.