7 Ways to Secure Your Home Network

7 ways to improve your router’s security

Fix #1—Change the default login credentials

This really isn’t a thing anymore, but we’ll address it nonetheless.

All modern standalone routers and mesh systems include a label affixed to the bottom displaying the default username (usually admin) and a unique passphrase or PIN. This passphrase/PIN method is a little different than in years past when manufacturers shipped routers with generic login credentials many users supposedly never changed—credentials you can still find online today.

And even though the supplied passphrase or PIN is unique to the router, it’s not meant for everyday use. The setup process forces you to create a new passphrase or password before you can use the router—no exceptions. In some setups we’ve seen, the passphrase and PIN apply only to Wi-Fi upon first connection—you don’t need login credentials to start the setup process.

But what if you created a simple password—like the name of your favorite pet or pizza topping— to log in to your router? Change it, like, pronto.

Why? A hacker armed with every possible username and password can brute-force their way into your router and take control. After that, someone could accuse you of crimes you didn’t commit. Sounds like fun? Of course not.

We suggest using a password manager or creating a passphrase containing multiple unrelated words with characters and numbers. Do whatever it takes to make it memorable but unique and hard to crack, and then never use it on any other account or device—not even with the router’s Wi-Fi network.

Fix #2—Change your Wi-Fi network name

Make sure your Wi-Fi network’s name (or SSID) doesn’t identify the manufacturer. This step ensures that hackers lurking nearby don’t see the name broadcasted as Linksys and say, “How convenient! They have a Linksys router! I know how to break into their network!”

Changing the network name also makes hacking more difficult. The name ties into the router’s encryption, so you’re essentially giving hackers a head start if you’re using the default network name. And if you didn’t change the login credentials to something difficult to crack, you might as well open the door and let the hackers walk right on in. Please, help yourself!

Naming your network something like Pretty Fly For A Wi-Fi or The LAN Before Time doesn’t tell would-be hackers any information except that your pun game is strong. Plus, it makes your Wi-Fi network easily distinguishable from other nearby networks—which is more important if you live within range of multiple networks.

But keep the name 32 characters or shorter, and don’t use anything that can identify you, your address, your router, your pet, your favorite TV show, and so on. And don’t hide the network name—it’s not worth the trouble.

Fix #3—Set a good Wi-Fi network password

All routers require you to set the network name and password during the initial setup, so be sure to use a password that’s hard to crack.

As previously suggested, use a password manager or set a memorable passphrase using multiple unrelated words with characters and numbers. Longer passwords are more secure—but don’t use something like Password1234.

Check out our guide on how to change your Wi-Fi network name and password for more information.

Fix #4—Update your firmware

Like every other operating system you use, keep your router’s firmware version current. Firmware updates increase your router’s efficiency, patch any bugs, and fix known vulnerabilities. Most router manufacturers keep up with firmware updates for several years after the router’s initial release.

All routers check the manufacturer’s distribution server for firmware updates, but not all of them download and install updates automatically. On the ones that do, the “automatic update firmware” setting is toggled on by default, so there’s no manual input on your part.

But there’s a caveat to consider. Some routers don’t automatically download and install firmware updates on purpose, which gives us pause when we suggest the auto-update function. Why? Here are two possible scenarios:

• A manufacturer could upload and distribute unintentionally faulty firmware—it’s rare, but it happens.
• Hackers could infiltrate the distribution server and infect all firmware files.

Overall, you’re probably safe in using the auto-update feature if it’s available to you. There shouldn’t be any issues installing and using new firmware. But we wanted you to be aware that the chance of irreversible damage is still a faint possibility, as bad firmware can turn your router into a $300 paperweight.

Read our guide on how to update your router’s firmware.

Fix #5—Disable unnecessary features

There are a few router features that are built for convenience but not security:

Wi-Fi Protected Setup (WPS)

WPS lets you connect devices to your Wi-Fi network without entering a password. All you do is press a button or enter an eight-digit pin to connect the new device to your Wi-Fi network. Convenient, right? That convenience allows a hacker to use a brute-force attack to figure out the PIN and take control of the router—they don’t need to access the WPS button. Disable this feature immediately.

Remote access

There are two types of remote access, but the one you should be concerned about resides in the web interface.

In short, you can access the router from anywhere outside your home network and change the settings. But it’s also an easy entry point for hackers if you never changed the default login credentials—or use simple ones hackers can easily crack. Manufacturers generally toggle off this feature by default, but it doesn’t hurt to double-check for peace of mind.

If you intend to use this feature while on a business trip, then by all means, toggle it on as needed, but don’t leave it on 365 days a year. Most leading router brands now offer mobile apps and free cloud accounts, so you can remotely manage your home network safely.

Universal Plug and Play (UPnP)

The UPnP protocol was initially designed to connect devices to each other without the need to install drivers or configure settings manually. Now everything seems to be UPnP-compatible, so you can share a printer across your network, for example, or connect your Amazon Fire TV stick to your Smart TV.

All this convenience allows the router to open ports (or doorways) for these devices—no questions asked. But it also opens up a whole new world of connections from the internet side, allowing hackers to connect by posing as a UPnP device requesting access remotely.

UPnP in routers is a vulnerability that has been exploited several times over the last 12 years. You can disable UPnP in the router’s settings, but you might notice the inconvenience. Deciding whether to disable this setting is a trade-off of convenience vs. security.

Fix #6—Create a guest network

A guest network gives visitors access to the internet, but it prevents them from accessing files, folders, and devices you share over the local network (or intranet).

The router creates a virtual network name (SSID) when you enable a guest network. You can then create a unique password and share both with guests—you don’t need to share your local network’s password. You can even allow the guest network to access your shared files, folders, and devices—but that opens the door to malware infections.

A guest Wi-Fi network also gives you more power over how your guests use your Wi-Fi. For example, you can block certain websites or types of content, limit bandwidth usage, or set a schedule for when the guest network is active—it’s like parental controls for adults. In fact, you can create a guest network for kids and teens if the router’s parental controls are insufficient.

Read our guide on how to set up a guest Wi-Fi network.

Fix #7—Schedule a reboot

Your internet provider assigns your public internet address to the first device connected to your modem or fiber ONT. That’s typically your router, and the address assigned to it usually refreshes every 14 days. Still, rebooting the router once a week wouldn’t hurt just in case a hacker obtained one of your public addresses. Plus, a reboot clears out the router’s memory and any communication problems.

Read more about how often you should reboot your router.

Other security measures you should consider

You can do other things to protect your router from malware and other unfriendly connections.

Never disable encryption

All routers enable some version of Wi-Fi Protected Access (WPA) encryption by default during setup. It protects all data transmissions between your router and devices from eavesdropping hackers lurking nearby. Never disable encryption unless you’re troubleshooting a Wi-Fi connection—and only do so briefly.

Wi-Fi Protected Access 3 (WPA3) is the most recent and secure encryption in Wi-Fi 6 and Wi-Fi 6E routers. If you don’t have access to WPA3, Apple suggests using WPA2-AES (Advanced Encryption Standard) as your next-best solution, which all modern routers provide.

Keep your devices up to date

For your whole network to be secure, you want to make sure that every device on your network is also secure. The best way to do this is to keep all your devices updated. That means phones, computers, gaming consoles, smart home devices, printers, and everything else that uses an internet connection.

Make sure to keep up with software updates and patches. Many routers have some built-in security features to scan your network and connected devices for vulnerabilities, so take advantage of that to ensure your connections stay secure.

Use a VPN

A virtual private network (VPN) is a network of remote servers that removes your location and other information when they forward your data to the destination. VPNs don’t increase your router’s security but instead hide the public internet addresses they use.

You may be familiar with VPNs like NordVPN used on individual devices. Some routers include a built-in VPN client, so you don’t have to install software on every device you own. Just enter the VPN subscription credentials into the router, and you’re good to go. Even devices that don’t support VPN software are protected.

Routers may include a VPN server too. This component allows you to use the router as a private VPN server, so you can forward your browsing data through the router while using a coffee shop’s public Wi-Fi.

One downside to VPNs is that they can increase latency, which can interfere with online gaming or video calls. To keep an eye on this, you should keep track of your network speeds with an internet speed test.

Load the Speed Test