7 Signs of a Hacked Router and How to Fix It

Internet issues are just a way of life. There’s always something disrupting your dancing cat videos. Network troubles on your provider’s side. Storms blowing down lines. The speed woes of a tired old router. Kids downloading super-sized game updates. Something.

But what if every device you own loads the same website no matter what you type into the address bar? Or, even worse, you sit at your computer, utterly speechless, as a “ghost” seizes your mouse and opens your bank account?

Not fun.

Those two scenarios alone are good signs of a hacked router. But don’t worry: I’ll clue you in on how to recognize a hacked router, how to fix it, and how to make sure it never happens again.

There are many signs of a possible router hack that can throw up a red flag. Some are general and could apply to other router-related issues. Others are a sure sign that someone else now controls your network.

Sign #1—You can’t log in to your router

First, let’s be clear that your inability to sign in to your router or gateway doesn’t always mean you’ve been hacked. There have been plenty of times when I returned to a router I previously tested, and it (rather rudely) denied me access to the settings. This is not an uncommon problem. It usually means you’re entering the wrong password, you misspelled the password, or something on the router side is corrupt. Case closed.

With that said, there’s also the slim possibility that someone hacked your router. The attacker may have figured out the credentials, logged in, and changed the password to lock you out. After that, the attacker has free reign to change additional settings and make your life miserable.

But why did the attacker target you? Perhaps you clicked on a clever email or message link, and now the hacker has full control of your home network. Hackers also probe the internet for vulnerable routers they can use to create botnets, steal your bank login info, and so on.

Welcome to the modern-day World Wide Web.

So, whether you’re hacked or just having password issues, the only remedy is to reset your router to its factory defaults.

Immediate action: Follow our instructions on how to reset your router.

Sign #2—All internet browsers lead to the same site

Browser hijacking is a sure sign that you have a hacked router or gateway.

In this case, a hacker logged in to your router and changed its Domain Name System (DNS) settings—the system that matches numeric IP addresses with the alphanumeric ones we see and easily remember, like google.com.

By doing so, the hacker can redirect all your internet traffic to a malicious DNS server. This server will lock you to specific websites that can steal your information and install malicious software on every internet-connected device you own.

Immediate action: Log in to your router and change the DNS settings and password. If you can’t log in, reset your router. You should also scan every device with antivirus software to make sure there’s nothing on your devices that’s hijacking your browser.

Sign #3—There’s strange software on more than one device

If you see new, unfamiliar software on more than one device—especially if you didn’t download it intentionally—there’s a good chance someone hacked your router and remotely installed malware onto your devices.

Strange, uninvited software includes browser toolbars, fake antivirus clients, and other programs that will generate random popups on your screen or within a browser.

If you have multiple computers, this uninvited software may be on all of them. Malware can replicate on a single device and spread across wired and wireless connections, similar to how a virus spreads from person to person.

Immediate action: Log in to your router and change the password. If you can’t log in, reset your router. Afterward, make sure your router has the latest firmware. Be sure to uninstall the strange software from your device(s) and run an antivirus client.

Sign #4—You receive a ransomware message

Ransomware messages can be a sign that you have a hacked router. These attackers can seize control of the router and demand money in return for its release. The message may appear in the form of an email, instant message, text, or a popup generated by uninvited software installed on your device.

But also remain skeptical. Ransomware messages don’t always mean you’ve been hacked. Some are designed to instill fear and convince you of a hack that never happened. But if you see popup threats on your screen or your mouse suddenly opens your bank account, then yes, you’re under attack.

Immediate action: Don’t pay a dime, and follow my instructions on how to reset your router. Be sure to create a unique password that hackers can’t guess.

Sign #5—You see unrecognized devices on your network

You can use the router’s web interface or mobile app to see a list of devices connected to your home or office network. For example, the Linksys Smart Wi-Fi interface provides a network map—just click on a device to see its assigned address.

When you look at the map, all local devices have a derivative of the router’s private IP address. If your router’s address is 192.168.1.1, for example, then all device addresses should start with the first three numbers (192.168.1).

However, a device remotely accessing your router won’t have an address that matches the first three numbers of your router’s private address.

Immediate action: Kick the unknown device(s) off your network and change the password. Disable remote access if you never use it.

Sign #6—You can’t control your device

If you sit in front of your computer and watch an uninvited, unseen guest move the mouse and access your banking information, you definitely have a hacked router.

In this scenario, the hacker has remote access to your device and can open any file or online account using the passwords you store in the operating system or browser.

Immediate action: Unplug your devices and disconnect your router from your modem. After that, follow my instructions on how to reset your router. Change your passwords, too.

Sign #7—Your internet speeds are slower than snails

Slow internet speeds aren’t uncommon. There may be issues with your provider, too many devices downloading at one time, and so on. But if you experience extremely slow speeds along with other symptoms on this list, chances are you have a hacked router.

Your speeds could be slow because the hacker seized your full bandwidth for the following:

• Botnet activity
• Distributing malware to other networks
• Remote connections to your devices
• Cryptojacking
• General internet piggybacking

Immediate action: First, use our tips on how to speed up your internet to see if the problem is just a connection issue. If you think that someone hacked your router, try to change the password. If you can’t, follow my instructions on how to reset your router.

How to fix a hacked router or gateway

You can easily and quickly fix a hacked router. There’s no need to throw it out the window and purchase a new one.

Step 1: Disconnect the router or gateway

If you have a standalone router, disconnect the Ethernet cord to avoid communicating with the modem. If you have a gateway, disconnect the internet connection instead.

In both cases, disconnect all other wired and wireless devices.

Step 2: Power cycle your router or wireless gateway

In some router hacking cases, a simple power cycle (reboot) works as a quick fix. This method clears the memory of any malicious code and refreshes your public IP address. Just pull the plug, wait 30 seconds, and then plug the cord back into the outlet.

In other cases, you may need to reset your router to its factory settings. A power cycle cannot remove severe infections like VPNFilter.

Step 3: Change the password

Once you power cycle the router, log in and change the password. You can use one of the best password managers to create one and retrieve it from your account when needed.

Actually, I suggest you create a passphrase instead of a password. It’s a long string of unrelated words filled with symbols and numbers. Make it something you can remember but isn’t easily guessed.

Do the same with your Wi-Fi network, too.

Immediate action: Read my guide on how to change your Wi-Fi network name and password.

Step 4: Update the firmware

Set your router to update its firmware automatically if it’s not already. And if your router doesn’t give you the option to update automatically, set yourself a reminder to check every month or so.

But carry out either method with caution, as faulty firmware can render your router useless. Check the manufacturer’s notes to make sure the latest firmware is stable. You shouldn’t have any issues with new firmware, but it doesn’t hurt to be cautious and proactive. Routers aren’t cheap.

Immediate action: Read my guide on how to update the firmware on routers from several popular brands.

Step 5: Reset your router

if an infection persists or you can’t log in, then a router reset is your only solution (outside buying a new one). A reset restores the factory default settings, clearing out any possible malware. You’re essentially rebuilding your home network and creating new passwords for the router login and Wi-Fi.

For more information, consult my guide on how to reset a router from ASUS, Linksys, NETGEAR, and more.

How to prevent a router hack

Use the following suggestion to safeguard your devices and sensitive data against hackers.

Stay on top of firmware updates

Your router is a miniature computer with a processor, system memory, and storage that houses the operating system (firmware). Unfortunately, firmware is never bulletproof, as there can be bugs in the code and security holes. Attackers will utilize these unpatched flaws and access your router with ease.

Manufacturers distribute firmware updates regularly to squash these bugs and patch vulnerabilities. Generally, we suggest you enable automatic firmware updates if the feature isn’t toggled on already and you never manually install new firmware. Log in to your router and toggle on automatic updates if they are not already.

However, be aware that things can happen. Bad firmware uploaded to a manufacturer’s distribution server can brick your router. Malware-infected firmware distributed to a router can lock you out. Auto-updates are convenient, but there’s a rare chance the update can go awry and leave you with a $300 paperweight. For this reason, some manufacturers don’t support auto-updates.

Read my guide on how to update the firmware on routers from several popular brands.

Use a secure password

Every router I’ve tested forces you to create an administration password during setup. There’s usually no “default” password that hackers can pass around. Some routers even require you to create two security questions for accessing the router when the admin password doesn’t work (corrupt, forgotten, etc.). The password normally requires a mix of upper- and lower-case letters, numbers, and symbols.

Likewise, every router I’ve tested ships with a unique passphrase for Wi-Fi printed on a label. You’re prompted to change it as you move further into the setup, but it’s not mandatory like the administration one.

Some routers require a cloud account prior to starting the setup process, like mesh networking systems. That means you must create a username and password to use the service and router.

Overall, never use an easily guessed password with your router or Wi-Fi network—even if it’s full of upper- and lower-case letters, numbers, and symbols. These include names of pets, children, other family members, and anything that links to your interests. Believe it or not, the two most used passwords are still password and 123456. Like, really?

So, what’s the big deal? Why can’t we use easily remembered passwords? Because a hacker can use free online tools to carry out a brute-force attack—a trial-and-error method that continuously enters every possible password until one works. Hackers can also use a library attack, which uses words pulled from a dictionary. These attacks can quickly crack an easy eight-character alphanumeric password.

The bottom line here is use a passphrase instead of a password. It’s a string of unrelated words with symbols and numbers that’s harder to crack than any password you create.

Schedule routine reboots

A monthly reboot is good for the router, as it can clear the system memory and refresh all connections.

Additionally, your internet provider assigns a public IP address to your router. It usually refreshes every 14 days anyway (unless you pay for a permanent “static” address), but a reboot gives you an extra refresh if hackers obtained one of your previous addresses.

Disable remote access

Remote access is a feature for changing the router’s settings when you’re off the network, like from a hotel room. Most routers now have two methods, but the one you should be concerned about lies within the web interface. It’s an easy entry point for attackers, especially if you use a weak password.

Based on the routers I’ve tested, this feature is disabled by default in favor of cloud-based access through mobile apps. Still, you should check to see if it’s disabled, and if not, turn it off immediately. Only use this version of remote access if the app doesn’t have the settings you need to change off-network—and only do so sparingly.

Be sure to use strong passwords or passphrases when you set up a cloud account (if you choose not to use the complex ones supplied by Android and Apple devices). Also, enable biometrics so you’re not manually entering login credentials out in public.

Disable WPS

Wi-Fi Protected Setup (WPS) has good intentions. It allows users to connect their devices to a wireless network without a password. Simply press the WPS button on the router, or enter an eight-digit PIN provided by the router.

But the convenience has a major drawback. Hackers can use a brute-force attack to figure out the PIN in 4 to 10 hours—they don’t need access to the physical button. You can easily disable WPS through the router’s backend and instead use our guide on how to share your Wi-Fi network’s password to any device.

If you have a Linksys router, for example, you can disable WPS by doing the following:

Step 1: Select Wi-Fi Settings displayed under Router Settings.

Step 2: Click on the Wi-Fi Protected Setup tab.

Step 3: Click the toggle so that it reads OFF.

Step 4: Click on the Apply button. You must click this button so that WPS and its related PIN are completely disabled—clicking on the toggle without applying the change isn’t enough.

Change the network name

The Service Set Identifier (SSID) is your wireless network’s name. All routers broadcast the manufacturer’s name by default, like Linksys_330324GHz or NETGEAR_Wi-Fi. Anyone within range can see this name, know who built your router, and search the internet for the default login credentials if they’re available.

However, the router prompts you to rename the wireless network during the setup process for that very reason. If you ignored the router’s request, now is a good time to return to the settings and change the network name. Use whatever you want, just don’t advertise anything that can help attackers infiltrate your home network.

If you have band steering turned on, you’ll only need to change one SSID. If band steering is turned off, you’ll have at least two Wi-Fi connections to rename. I normally add a “2” or “5” suffix to distinguish between the different bands, like “clearlink2” and “clearlink5” as seen in my router reviews. At home, I use different NSFW names to annoy my neighbors.

Finally, network names can be up to 32 characters long.

How to protect your devices from hacks

There’s more to protecting your network against hackers than securing your router. You need safeguards in place to protect your devices and personal data, too, should an attacker take control of your router.

Computers and mobile devices

Lock your device with biometrics or a passcode

Use facial recognition and fingerprint scanning to lock your devices and accounts in addition to using the main login password. Passcodes and patterns are better than passwords, too, but you run the risk of someone guessing them correctly by viewing the smudges on your screen.

Keep all software current

Device manufacturers like Apple and Lenovo release system updates to squash bugs in the code, optimize performance, and fill security holes. Software developers do the same, so be sure every platform, desktop software, and app you use is current.

Never install questionable software

If the desktop software or app—or even the website that hosts it—looks shady, then don’t install it. Always get your apps and software from verified sources versus back-alley repositories lurking in the dark corners of the internet.

Never connect to an unsecured public network

An unsecured public network means the Wi-Fi connection doesn’t use any security. The data you send and receive from an unsecure Wi-Fi access point isn’t protected from eavesdropping hackers eager to steal your info.

Use a VPN service

Many modern routers now support OpenVPN, a free VPN service you can use to hide your online activity. All you need is to enable the server on your router and install the client software on your devices. We also provide a list of the best VPN services if your router doesn’t include a VPN server.

Turn off Bluetooth

Bluetooth is another form of wireless communication. Device manufacturers like Apple say to keep it turned on “for the best experience” but the Federal Communications Commission suggests you turn it off when not in use, as hackers can access your device by spoofing other Bluetooth devices you use. If you must enable Bluetooth, use it in “hidden” mode.

Use Two-Factor Authentication

Always, always enable two-factor authentication on every account you use. It’s a pain, we know, but that added layer of security keeps hackers at bay should they somehow get your login credentials. For example, Microsoft Authenticator requires you to verify a login request in the mobile app before you can log in to your Microsoft Account on any device, including the Xbox consoles.

Never click or tap on strange links

Malware you unintentionally download to your computer or mobile device could lead the way to a hacked router. Here are several ways you can get unwanted malware:

• Click on a link in a phishing email or chat message
• Connect an infected flash drive
• Access a malicious website
• View infected ads

Computers only

Keep your antivirus current

Apple macOS doesn’t include built-in antivirus because hackers rarely ever target the platform. Microsoft Windows is a different story, however, and includes antivirus protection for free. Be sure to keep it and any third-party antivirus software you have installed on Mac or Windows up-to-date, so you stay protected against the latest threats.

Never ever disable your firewall

All computing devices have a firewall that monitors your network traffic flow but you can disable it on Mac and Windows. This is a bad idea, as you remove all restrictions and open the door for hackers to slip in and infiltrate your device. I provide instructions on how to re-enable your firewall on Windows and Mac if, for some reason, it’s disabled.

Related topics

• 8 Terrifying Security Flaws in Your Wi-Fi—And How to Fix Them
• How Can I Tell If My Internet Is Being Throttled by My ISP?
• How to Know If Someone Is Stealing Your Wi-Fi