How to Keep Your Router Secure
Pro tips to secure your router and Wi-Fi network
You can do several things right now to amp up your router’s security and keep your data private. A good place to start is to change the router’s default login credentials if you haven’t done so already. You should also change the wireless network’s name from a default like Linksys88578 to something that doesn’t include the manufacturer’s name.
We’ll walk you through several steps you can take to beef up your router’s security, such as changing passwords, updating firmware, and making sure you’ve picked the right settings to turn your router into an impenetrable fortress.
First, log in to your router
Most of our instructions require you to dig into the router’s settings. You will need four things before we begin:
- IP address or custom URL
- Web browser or router app
Generally, you can find the information you need on a label affixed to the bottom of the router—especially if you never changed the default credentials. For more in-depth instructions on how to find your default IP address and log in, check out our simple step-by-step guide to logging in to your router.
Now, let’s get started!
7 ways to improve your router’s security
Change the default login credentials
All routers ship with default credentials set by the manufacturer. They’re placeholders—the fields can’t be empty, after all—and not meant for everyday use.
You’re almost always required to change these settings when you initially set up the router. Some companies like NETGEAR even force you to make a cloud account before you can use the router. So, if you didn’t change the default credentials for some reason, you should do so now. Immediately.
Why? A hacker armed with every default username and password set by router manufacturers can brute-force their way into your router and take control. After that, someone could accuse you of crimes you didn’t commit. Sounds like fun? Of course not.
In many cases, you change just the password. We suggest using a password manager or creating a passphrase containing multiple unrelated words with characters and numbers. Do whatever it takes to make it memorable but unique and hard to crack, and then never use it on any other account or device—not even with the router’s Wi-Fi network.
Change your Wi-Fi network name
The next thing you need to do after changing the router’s login credentials is to make sure your Wi-Fi network’s name (or SSID) doesn’t identify the manufacturer. This step ensures that hackers lurking nearby don’t see the name broadcast as Linksys and say, “How convenient! They have a Linksys router! I have the default username and passwords right here!”
Changing the network name also makes hacking more difficult. The name ties into the router’s encryption, so you’re essentially giving hackers a head start if you’re using the default network name. And if you didn’t change the default username and password, you might as well open the door and let the hackers walk right on in. Please, help yourself!
Naming your network something like Pretty Fly For A Wi-Fi or The LAN Before Time doesn’t tell would-be hackers any information except that your pun game is strong. Plus, it makes your Wi-Fi network easily distinguishable from other nearby networks—which is more important if you live in an urban environment and are within range of multiple networks.
But keep the name 32 characters or shorter, and don’t use anything that can identify you, your address, your router, your pet, your favorite TV show, and so on. And don’t hide the network name—it’s not worth the trouble.
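The naming rules above and the link between the network name and the encryption, shown as an added example that is not part of the original article: WPA2-Personal derives its key from the password with the network name as the salt, so precomputed guesses for a common default name do not carry over to a unique one. The vendor pattern and the sample names and password are assumptions made for illustration.

```python
import hashlib
import re

# Assumed examples of factory-style names (vendor word plus digits); not a complete list.
DEFAULT_SSID = re.compile(r"^(linksys|netgear|tp-link|dlink|asus)[-_ ]?\w*$", re.I)


def check_ssid(ssid: str) -> list:
    """Return a list of problems with a proposed network name."""
    problems = []
    if not ssid:
        problems.append("empty")
    # The 802.11 limit is 32 bytes, so accented letters and emoji count more than once.
    if len(ssid.encode("utf-8")) > 32:
        problems.append("longer than 32 bytes")
    if DEFAULT_SSID.match(ssid):
        problems.append("looks like a manufacturer default")
    return problems


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def report(passphrase: str, ssids: list) -> list:
    """Pair each name with its problems and the first bytes of the derived key."""
    return [(s, check_ssid(s), wpa2_pmk(passphrase, s).hex()[:16]) for s in ssids]


if __name__ == "__main__":
    # Constructed sample values: one password, two network names.
    for name, problems, key in report("correct horse 42", ["Linksys88578", "The LAN Before Time"]):
        print(f"{name!r}: key starts {key}, problems: {problems or 'none'}")
```

The same password produces an unrelated key under each name, which is why a unique name adds work for anyone relying on tables built for default names.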
Set your Wi-Fi network password
Most routers generally ask you to set the network name, password, and encryption type during the initial setup. If you didn’t set the password or encryption type, you should do so immediately unless you’re running public Wi-Fi access.
Make sure to turn on Wi-Fi Protected Access 2 (WPA2) or WPA3 in your router’s settings. This action will create an encrypted Wi-Fi network accessible only with the correct network password.
WPA3 is the latest Wi-Fi security standard, and you should use it if possible. WPA2 is the second-best option and is way more universal since WPA3 is so new.
Other available Wi-Fi security protocols are WEP and WPA, which are outdated but still better than no wireless security at all if you’re using an older router. But if that’s the case, it’s definitely time to upgrade to a new router.
Be sure to use a password that’s hard to crack. As we previously suggested, use a password manager or set a memorable passphrase using multiple unrelated words with characters and numbers. Longer passwords are more secure—but don’t use something like Password1234.
Enable automatic firmware updates
Like every other operating system you use, keep your router’s firmware version current. Firmware updates increase your router’s efficiency, patch any bugs, and fix known vulnerabilities. Most router manufacturers keep up with firmware updates for several years after the router’s initial release.
Generally, routers automatically check for updates and install them when available. But it doesn’t hurt to open the router’s interface and check to see if it’s current. Download and install any updates that are available but weren’t installed for some reason.
Also, verify that the router automatically updates the firmware. If not, click or tap on the toggle to enable automatic updates. Toggling it on saves you from having to check and install updates manually. If you can’t set up auto-updates, remember to check back every few months.
Disable unnecessary features
A few router features are built for convenience but not security:
Wi-Fi Protected Setup (WPS)
WPS lets you connect devices to your Wi-Fi network without entering a password. All you do is press a button or enter an eight-digit PIN to connect the new device to your Wi-Fi network. Convenient, right? That convenience allows a hacker to use a brute-force attack to figure out the PIN and take control of the router—they don’t need to access the WPS button. Disable this feature immediately.
Remote access
Remote access lets you access your router’s settings outside your home network, like from a hotel room or an office miles away. That means anyone with the login credentials can access the router’s settings—even hackers.
Generally, we’d tell you to disable remote access right away, but many routers now offer apps that allow you to manage the settings from a smartphone. Mesh networking kits don’t have a web interface you can use, so they depend on apps and cloud accounts for management.
So, if you normally use a web interface to make changes, you should turn remote management off. If you use an app to manage your network, remote management isn’t an option you can or should turn off.
Universal Plug and Play (UPnP)
The UPnP protocol was initially designed to connect devices to each other without the need to install drivers or configure settings manually. Now everything seems to be UPnP-compatible, so you can share a printer across your network, for example, or connect your Amazon Fire TV stick to your Smart TV.
All this convenience allows the router to open ports (or doorways) for these devices—no questions asked. But it also opens up a whole new world of connections from the internet side, allowing hackers to connect by posing as a UPnP device requesting access remotely.
UPnP in routers is a vulnerability that has been exploited several times over the last 12 years. You can disable UPnP in the router’s settings, but you might notice the inconvenience. Deciding whether to disable this setting is a trade-off of convenience vs. security.
Create a guest network
A guest network gives visitors access to the internet, but it prevents them from accessing files, folders, and devices you share over the local network (or intranet).
The router creates a virtual network name (SSID) when you enable a guest network. You can then create a unique password and share both with guests—you don’t need to share your local network’s password. You can even allow the guest network to access your shared files, folders, and devices—but that opens the door to malware infections.
A guest Wi-Fi network also gives you more power over how your guests use your Wi-Fi. For example, you can block certain websites or types of content, limit bandwidth usage, or set a schedule for when the guest network is active—it’s like parental controls for adults. In fact, you can create a guest network for kids and teens if the router’s parental controls are insufficient.
Schedule a reboot
Your internet provider assigns your public internet address to the first device connected to your modem or fiber ONT. That’s typically your router, and the address assigned to it usually refreshes every 14 days. Still, it wouldn’t hurt to reboot the router once a week just in case a hacker obtained one of your public addresses. Plus, a reboot clears out the router’s memory and any communications problems.
Other security measures you should consider
You can do other things to keep your router safe from malware and other unfriendly connections.
Keep your devices up to date
For your whole network to be secure, you want to make sure that every device on your network is secure as well. The best way to do this is to keep all your devices updated. That means phones, computers, gaming consoles, smart home devices, printers, and everything else that uses an internet connection.
Make sure to keep up with software updates and patches. Many routers have some built-in security features to scan your network and connected devices for vulnerabilities, so take advantage of that to ensure your connections stay secure.
Use a VPN
A virtual private network (VPN) is a network of remote servers that removes your location and other information when they forward your data to the destination. VPNs don’t increase your router’s security but instead hide the public internet addresses they use.
You may be familiar with VPNs like NordVPN that you use on individual devices. Some routers include a built-in VPN client, so you don’t have to install software on every device you own. Just enter the VPN subscription credentials into the router, and you’re good to go. Even devices that don’t support VPN software are protected.
Routers may include a VPN server too. This component allows you to use the router as a private VPN server, so you can forward your browsing data through the router while using a coffee shop’s public Wi-Fi.
One downside to VPNs is that they can increase latency, which can interfere with online gaming or video calls. To keep an eye on this, you should keep track of your network speeds with an internet speed test.
Author - Rebecca Lee Armstrong
Rebecca Lee Armstrong has more than six years of experience writing about tech and the internet, with a specialty in hands-on testing. She started writing tech product and service reviews while finishing her BFA in creative writing at the University of Evansville and has found her niche writing about home networking, routers, and internet access at HighSpeedInternet.com. Her work has also been featured on Top Ten Reviews, MacSources, Windows Central, Android Central, Best Company, TechnoFAQ, and iMore.
Editor - Aaron Gates