Updating your browser to the most recent version gives you access to the newest features, but most importantly, it protects your computer from attacks. Most browsers update automatically by default, but if your browser is out of date for any reason, you can manually update it by doing the following:

1. Open your browser menu.
2. Find your browser’s About page and select it.
3. Click the update button.
4. Close your browser and relaunch it.

Most modern browsers follow similar steps, but there are some minor differences in the menus and buttons. To learn more about the how and why of updating your browser, read on as we go into specific details.

Why should I manually update?

Ideally, you probably don’t want to be doing updates manually. In general, it’s a good idea to set your browser to download and install updates automatically in order to keep it protected from any recently discovered vulnerabilities or exploits. There are, however, a few situations where you might want more control over when these updates are downloaded. For example, some satellite plans give you extra data during low-traffic hours that you can use for downloading software updates and other large files.

Users might also want to manually update their browser proactively. Some browsers make new updates available days or weeks before they roll them out as automatic updates. If you want to know about updates as soon as they become available, you should follow your preferred browser’s developer blog, such as the Chrome Dev Blog.

In any case, find the method that works best for you to keep your browser as current as possible to avoid security threats online.

How to update Chrome

To update your browser when using Google Chrome, follow these steps:

1. Open Chrome.

2. Open the Menu (three dots in the top right corner).

3. Select Help > About Google Chrome from the menu.

4. Check to see if Chrome is up to date. If not, click Update Google Chrome.
5. Close your browser and relaunch it to apply the update.

How to update Firefox

To update your browser when using Firefox, follow these steps:

1. Open Firefox.

2. Open the Menu (three dots in the top right corner).

3. Select Help > About Firefox

4. Click Restart to Update Firefox.

How to update Internet Explorer

Microsoft officially ended support for Internet Explorer 11 on June 15, 2022. That means that there will be no more official updates to the browser and thus you can’t update it, even if new security flaws are found. If you’re one of the last holdouts still using Internet explorer, it’s finally time to switch to another browser.

If any site you visit needs Internet Explorer, you can reload it with Internet Explorer mode in Microsoft Edge.

How to update Microsoft Edge

To update your browser when using Microsoft Edge, follow these steps:

1. Open Microsoft Edge.

2. Open the Menu (three dots in the top right corner).

3. Select Help and Feedback > About Microsoft Edge.
4. If an update is available, it will begin updating automatically.

How to update Safari

Apple has discontinued support for versions of Safari on non-Apple devices, so updating Safari is now integrated with upgrading your OS. To update your OS, follow these steps:

1. Open the Apple menu in the top left corner of your screen.

2. Select System Preferences.

3. Click on Software Update.

4. Click Upgrade now to update your OS, including Safari, or select Automatically keep my Mac up to date to turn on automatic updates to keep it updated in the future.

Data effective 2/7/24. Offers and availability may vary by location and are subject to change.

VPNs come in endless varieties, but not all of them are worth your money. The best VPN services are fast, give you lots of servers and IPs to choose from, and keep your privacy secure by not logging your data. And of course, it helps if they come at an affordable monthly or annual rate. (Free VPNs are an option too—but only a select few are worthwhile since many can compromise your privacy.)

The VPNs in this guide deliver solid performance for many uses, covering all the bases for privacy, speed, streaming capabilities, and price. Read on for a look at the best VPNs to keep your browsing secret and secure.

Which VPN is best?

The best VPN service is NordVPN. It’s incredibly reliable, comes at a decent price, and has user-friendly desktop software that lets you select from over 5,500 servers in dozens of countries across the globe. The more servers there are, the more options you have, so NordVPN ensures you’ll find one that hasn’t been blocked and isn’t bogged down by too many other users.

NordVPN is faster and more secure than the majority of competing VPNs and even has features to let you access servers in countries notorious for blocking VPNs. It also has 24-hour customer support.

*Price at time of writing.

NordVPN and ExpressVPN

These two are the most respected, reliable, high-end VPN services available. Both boast enormous networks and adopt respectable privacy practices. And they have options that let you connect to the US version of Netflix and other streaming services while overseas.

CyberGhost

Founded in Romania in 2011, CyberGhost goes the extra mile with a vast network of servers, a 45-day trial period, and support for a wide range of streaming platforms. So you can check out South African Spotify or Indian Amazon Prime or Europe’s Eurosport app if you so desire.

Windscribe

This is one of the only free VPN services worth using, with handsome speeds and a 10 GB monthly data cap. It offers good service and privacy protections, which is uncommon with many free VPNs.

Should you get a free VPN?

You should get a free VPN if you’re on a budget and need a VPN for relatively limited purposes. But be careful when you pick one, because many free VPNs are full of ads, have slower speeds and fewer servers, and sometimes adopt questionable business practices (like logging your data and selling it to third parties).

VPNs that require a monthly subscription tend to be far more secure and give you a lot more options to work with. It costs more, yes, but you’re paying for better performance and peace of mind.

NordVPN

ExpressVPN

CyberGhost VPN

Private Internet Access

Windscribe

What is a VPN?

VPN stands for “virtual private network.” It’s a connection that encrypts your data as you use the internet, disguising your IP address and shielding your internet activity from potential monitoring.

VPN services maintain servers and IP addresses in multiple locations across the globe. You access the VPN by signing on to one of those servers, which then makes it appear as though you’re accessing the internet from one of those locations rather than where you actually are.

A VPN comes in handy for a bunch of reasons:

• It keeps you hidden if you’re working on a public Wi-Fi network.
• It prevents government authorities from tracking your internet activity.
• It bypasses geographic-based restrictions and censors, letting you access blocked websites and platforms.

Streaming services like Netflix will often flag and blacklist IP addresses connected to some VPNs, but a good VPN will have multiple options for you to still log on. (Head back up the page to see our best VPN for streaming.)

What to look for in a VPN

A good VPN is fast, reliable, and affordable. It should have policies in place to maintain your privacy and security. And it’s a plus if it also includes features like dedicated IP addresses and servers optimized for accessing streaming platforms.

There are countless VPNs you can sign up for, but you should be careful about which one you choose. When you use a VPN, you’re trusting it to keep all your internet activity secure—so you want to make sure the VPN is actually trustworthy, right? Here are a few important things to watch out for.

No data logging

Choose a VPN that doesn’t log your data as you’re using the service. Many top-rated VPNs do this as a matter of policy to ensure your privacy in the event of a data breach. If you have additional concerns about privacy, read over the VPN’s privacy policy and do some research to see if it has a good reputation among data-security specialists.

Stay away from lesser-known free VPN services, which sometimes draw revenue by selling your data to a third party. (One exception would be Windscribe, which we describe farther up on this page as a quality free VPN service.)

NordVPN is the best VPN out there because it’s easy, fast, and secure. It offers lots of servers and IPs to choose from and comes with extra functions to boost your privacy and give you the access you need.

ExpressVPN, CyberGhost VPN, and Private Internet Access are fantastic options as well if you want a paid service with deluxe features. ExpressVPN will give you even more security assurance and faster speeds. CyberGhost is great for streaming. And Private Internet Access is a bit more affordable.

If you’re looking for a free VPN, you can’t do much better than Windscribe, which has great security standards for a free service and gives you a generous 10 GB per month to use. Generally, though, we recommend avoiding free VPNs.

Sign up for NordVPN

VPNs FAQ

Internet issues are just a way of life, like getting a flat tire or burning a turkey in the oven. Something problematic will always pop up while you still live and breathe—network troubles on your provider’s side, storms blowing down lines, the speed woes of a tired old router. Something.

But what if you suspect foul play? What if all your devices load the same website no matter what you type into the address bar? Or, even worse, you sit at your computer, utterly speechless, as a “ghost” seizes your mouse and opens your bank account? Not fun.

Those two scenarios alone are good signs of a hacked wireless router. But don’t worry: we’ll clue you in on how to recognize a hacked router, how to fix it, and how to make sure it never happens again.

Signs that someone hacked your router

There are many signs of a possible router hack that can throw up a red flag. Some are general and could apply to other router-related issues. Others are a sure sign that someone else now controls your network.

Sign #1—You can’t log in to your router

First, let’s be clear that your inability to sign in to your router or gateway doesn’t always mean you’ve been hacked. There have been plenty of times when we returned to a router we previously tested, and it (rather rudely) denied us access to the settings. This is not an uncommon problem. It usually means you’re entering the wrong password, you misspelled the password, or something on the router side is corrupt. Case closed.

With that said, there’s also the slim possibility that someone hacked your router. The attacker may have figured out the credentials, logged in, and changed the password to lock you out. After that, the attacker has free reign to change additional settings and make your life miserable.

But why did the attacker target you? Perhaps you clicked on a clever email or message link, and now the hacker has full control of your home network. Hackers also probe the internet for vulnerable routers they can use to create botnets, steal your bank login info, and so on.

Welcome to the modern-day World Wide Web.

So, whether you’re hacked or just having password issues, the only remedy is to reset your router to its factory defaults.

Immediate action: Follow our instructions on how to reset your router.

Sign #2—All internet browsers lead to the same site

Browser hijacking is a sure sign that you have a hacked router or gateway.

In this case, a hacker logged in to your router and changed its Domain Name System (DNS) settings—the system that matches numeric IP addresses with alphanumeric ones you can easily remember, like google.com.

By doing so, the hacker can redirect all internet traffic through your router to a malicious DNS server. This server will lock you to specific websites that can steal your information and install malicious software on every internet-connected device you own.

Immediate action: Log in to your router and change the DNS settings and password. If you can’t log in, reset your router. You should also scan every device with antivirus software to make sure there’s nothing on your devices that’s hijacking your browser.

Sign #3—There’s strange software on more than one device

If you see new, unfamiliar software on more than one device—especially if you didn’t download it intentionally—there’s a good chance someone hacked your router and remotely installed malware onto your devices.

Strange, uninvited software includes browser toolbars, fake antivirus clients, and other programs that will generate random popups on your screen or within a browser.

If you have multiple computers, this uninvited software may be on all of them. Malware can replicate on a single device and spread across wired and wireless connections, similar to how a virus spreads from person to person.

Immediate action: Log in to your router and change the password. If you can’t log in, reset your router. Afterward, make sure your router has the latest firmware. Be sure to uninstall the strange software from your device(s) and run an antivirus client.

Sign #4—You receive a ransomware message

Ransomware messages are a good sign that you have a hacked router. These attackers can seize control of the router and demand money in return for its release. The message may appear in the form of an email, instant message, text, or a popup generated by uninvited software installed on your device.

Immediate action: Don’t pay a dime, and follow our instructions on how to reset your router. Be sure to create a unique password that hackers can’t guess.

Sign #5—You see unrecognized devices on your network

You can use the router’s web interface or a compatible mobile app to see a list of devices connected to your home or office network. For example, the Linksys Smart Wi-Fi interface provides a network map—just click on a device to see its assigned address.

When you look at the map, all local devices have a derivative of the router’s private IP address. If your router’s address is 192.168.1.1, for example, then all device addresses should start with the first three numbers (192.168.1).

However, a device remotely accessing your router won’t have an address that matches the first three numbers of your router’s private address.

Immediate action: Kick the unknown device(s) off your network and change the password. Disable remote access if you never use it.

Sign #6—You can’t control your device

If you sit in front of your computer and watch an uninvited, unseen guest move the mouse and access your banking information, you definitely have a hacked router.

In this scenario, the hacker has remote access to your device and can open any file or online account using the passwords you store in the operating system or browser.

Immediate action: Unplug your devices and disconnect your router from your modem. After that, follow our instructions on how to reset your router. Change your passwords, too.

Sign #7—Your internet speeds are slower than snails

Slow internet speeds aren’t uncommon. There may be issues with your provider, too many devices downloading at one time, and so on. But if you experience extremely slow speeds along with other symptoms on this list, chances are you have a hacked router.

Your speeds could be slow because the hacker seized your full bandwidth for the following:

• Botnet activity
• Distributing malware to other networks
• Remote connections to your devices
• Cryptojacking
• General internet piggybacking

Immediate action: First, use our tips on how to speed up your internet to see if the problem is just a connection issue. If you think that someone hacked your router, try to change the password. If you can’t, follow your instructions on how to reset your router.

How to fix a hacked router or gateway

You can easily and quickly fix a hacked router. There’s no need to throw it out the window and purchase a new one.

Step 1: Disconnect the router or gateway

If you have a standalone router, disconnect the Ethernet cord to avoid communicating with the modem. If you have a gateway, disconnect the internet connection instead.

In both cases, disconnect all other wired and wireless devices.

Step 2: Power cycle or reset your router or wireless gateway

In some router hacking cases, a simple power cycle (reboot) works as a quick fix. This method clears the memory of any malicious code and refreshes your public IP address. Just pull the plug, wait 30 seconds, and then plug the cord back into the outlet.

In other cases, you may need to reset your router to its factory settings if an infection persists or you can’t log in. A power cycle cannot remove severe infections like VPNFilter.

To factory reset your router, find its reset button—it’s either surface-mounted or recessed on the back. Press and hold the button—you’ll need a paperclip for a recessed button—for 10 seconds until your router’s LEDs indicate a reboot.

Step 3: Change the password

Once the router reboots, log in and change the password. You can use one of the best password managers to create one and retrieve it from your account when needed.

If you reset the router, be sure to use a strong password when prompted to set one during the setup. Do the same with your Wi-Fi network, too.

Actually, we suggest you create a passphrase instead of a password. It’s a long string of unrelated words filled with symbols and numbers. Make it something you can remember but isn’t easily guessed.

Immediate action: Read our guide on how to change your Wi-Fi network name and password.

Step 4: Update the firmware

Set your router to update its firmware automatically if it’s not already. And if your router doesn’t give you the option to update automatically, set yourself a reminder to check every month or so.

But carry out either method with caution, as faulty firmware can render your router useless. Check the manufacturer’s notes to make sure the latest firmware is stable. You shouldn’t have any issues with new firmware, but it doesn’t hurt to be cautious and proactive. Routers aren’t cheap.

Immediate action: Read our guide on how to update the firmware on routers from several popular brands.

How to prevent a router hack

Use the following suggestion to safeguard your devices and sensitive data against hackers.

Stay on top of firmware updates

Your router is a miniature computer with a processor, system memory, and storage that houses the operating system (firmware). Unfortunately, firmware is never bulletproof, as there can be bugs in the code and security holes. Attackers will utilize these unpatched flaws and access your router with ease.

Manufacturers distribute firmware updates regularly to squash these bugs and patch vulnerabilities. Generally, we suggest you enable automatic firmware updates if the feature isn’t toggled on already and you never manually install new firmware. Log in to your router and toggle on automatic updates if they are not already.

However, be aware that things can happen. Bad firmware uploaded to a manufacturer’s distribution server can brick your router. Malware-infected firmware distributed to a router can lock you out. Auto-updates are convenient, but there’s a rare chance the update can go awry and leave you with a $300 paperweight. For this reason, some manufacturers don’t support auto-updates.

Read our guide on how to update the firmware on routers from several popular brands.

Use a secure password

Most routers now ship with a unique passcode you enter when connecting to Wi-Fi for the first time. The setup process requires you to create the administration and Wi-Fi passwords before you can even use the router. Some require a cloud account prior to starting the setup process, like mesh networking systems.

Overall, never use an easily guessed password with your router or Wi-Fi network—even if it’s full of upper- and lower-case letters, numbers, and symbols. These include names of pets, children, other family members, and anything that links to your interests. Believe it or not, the two most used passwords are still password and 123456. Like, really?

A hacker can use free online tools to carry out a brute-force attack—a trial-and-error method that continuously enters every possible password until one works. Hackers can also use a library attack, which uses words pulled from a dictionary. These attacks can quickly crack an easy eight-character alphanumeric password.

As we suggested earlier, use a passphrase instead of a password. It’s a string of unrelated words with symbols and numbers that’s harder to crack than any password you create.

Schedule routine reboots

A monthly reboot is good for the router, as it can clear the system memory and refresh all connections.

Additionally, your internet provider assigns a public IP address to your router. It usually refreshes every 14 days anyway (unless you pay for a permanent “static” address), but a reboot gives you an extra refresh if hackers obtained one of your previous addresses.

Disable remote access

Remote access is a feature for changing the router’s settings when you’re off the network, like from a hotel room. Most routers now have two methods, but the one you should be concerned about lies within the web interface. It’s an easy entry point for attackers, especially if you use a weak password.

Based on the routers we’ve tested, this feature is disabled by default in favor of cloud-based access through mobile apps. Still, you should check to see if it’s disabled, and if not, turn it off immediately. Only use this version of remote access if the app doesn’t have the settings you need to change off-network—and only do so sparingly.

Be sure to use strong passwords or passphrases when you set up a cloud account (if you choose not to use the complex ones supplied by Android and Apple devices). Also, enable biometrics so you’re not manually entering login credentials out in public.

Disable WPS

Wi-Fi Protected Setup (WPS) has good intentions. It allows users to connect their devices to a wireless network without a password. Simply press the WPS button on the router, or enter an eight-digit PIN provided by the router.

But the convenience has a major drawback. Hackers can use a brute-force attack to figure out the PIN in 4 to 10 hours—they don’t need access to the physical button. You can easily disable WPS through the router’s backend and instead use our guide on how to share your Wi-Fi network’s password to any device.

If you have a Linksys router, for example, you can disable WPS by doing the following:

Step 1: Select Wi-Fi Settings displayed under Router Settings.

Step 2: Click on the Wi-Fi Protected Setup tab.

Step 3: Click the toggle so that it reads OFF.

Step 4: Click on the Apply button. You must click this button so that WPS and its related PIN are completely disabled—clicking on the toggle without applying the change isn’t enough.

Change the network name

The Service Set Identifier (SSID) is your wireless network’s name. All routers broadcast the manufacturer’s name by default, like Linksys_330324GHz or NETGEAR_Wi-Fi. Anyone within range can see this name, know who built your router, and search the internet for the default login credentials if they’re available.

However, the router prompts you to rename the wireless network during the setup process for that very reason. If you ignored the router’s request, now is a good time to return to the settings and change the network name. Use whatever you want, just don’t advertise anything that can help attackers infiltrate your home network.

If you have band steering turned on, you’ll only need to change one SSID. If band steering is turned off, you’ll have two or three connections to rename. We normally add a “2” or “5” suffix to distinguish between the different bands, like “clearlink2” and “clearlink5” as seen in our router reviews.

Finally, network names can be up to 32 characters long.

How to protect your devices from hacks

There’s more to protecting your network against hackers than securing your router. You need safeguards in place to protect your devices and personal data, too, should an attacker take control of your router.

Computers and mobile devices

Lock your device with biometrics or a passcode

Use facial recognition and fingerprint scanning to lock your devices and accounts versus using passwords. Passcodes and patterns are better than passwords, too, but you run the risk of someone guessing them correctly by viewing the smudges on your screen.

Keep all software current

Device manufacturers like Apple and Lenovo release system updates to squash bugs in the code, optimize performance, and fill security holes. Software developers do the same, so be sure every platform, desktop software, and app you use is current.

Never install questionable software

If the desktop software or app—or even the website that hosts it—looks shady, then don’t install it. Always get your apps and software from verified sources versus back-alley repositories lurking in the dark corners of the internet.

Never connect to an unsecured public network

An unsecured public network means the Wi-Fi connection doesn’t use any security. The data you send and receive from an unsecure Wi-Fi access point isn’t protected from eavesdropping hackers eager to steal your info.

Use a VPN service

Many modern routers now support OpenVPN, a free VPN service you can use to hide your online activity. All you need is to enable the server on your router and install the client software on your devices. We also provide a list of the best VPN services if your router doesn’t include a VPN server.

Turn off Bluetooth

Bluetooth is another form of wireless communication. Device manufacturers like Apple say to keep it turned on “for the best experience” but the Federal Communications Commission suggests you turn it off when not in use, as hackers can access your device by spoofing other Bluetooth devices you use. If you must enable Bluetooth, use it in “hidden” mode.

Use Two-Factor Authentication

Always, always enable two-factor authentication on every account you use. It’s a pain, we know, but that added layer of security keeps hackers at bay should they somehow get your login credentials. For example, Microsoft Authenticator requires you to verify a login request in the mobile app before you can log in to your Microsoft Account on any device, including the Xbox consoles.

Never click or tap on strange links

Malware you unintentionally download to your computer or mobile device could lead the way to a hacked router. Here are several ways you can get unwanted malware:

• Click on a link in a phishing email or chat message
• Connect an infected flash drive
• Access a malicious website
• View infected ads

Computers only

Keep your antivirus current

Apple macOS doesn’t include built-in antivirus because hackers rarely ever target the platform. Microsoft Windows is a different story, however, and includes antivirus protection for free. Be sure to keep it and any third-party antivirus software you have installed on Mac or Windows up-to-date, so you stay protected against the latest threats.

Never disable your firewall

All computing devices have a firewall that monitors your network traffic flow but you can disable it on Mac and Windows. This is a bad idea, as you remove all restrictions and open the door for hackers to slip in and infiltrate your device. We provide instructions on how to re-enable your firewall on Windows and Mac if, for some reason, it’s disabled.

Related topics

• 8 Terrifying Security Flaws in Your Wi-Fi—And How to Fix Them
• How Can I Tell If My Internet Is Being Throttled by My ISP?
• How to Know If Someone Is Stealing Your Wi-Fi

Our pick: Which password manager is best?

LastPass is our go-to solution for the best password manager. It checks all the right boxes: desktop and mobile support, password sharing, file storage, family management, dark web monitoring, a password generator, and more. It feels more complete overall, thanks to a good balance of free and premium features.

The 7 best password managers

• Best overall: LastPass
• Best for Apple devices: 1Password
• Best for usability: Dashlane
• Best for business: Keeper
• Best for budgets: RoboForm
• Best free option: Bitwarden
• Best no-cloud password sync: Sticky Password

*Non-business prices as of 9/25/23.

What should you look for in a password manager?

The best password manager should generate long, unique passwords that are nearly impossible to crack. It’s essential for day-to-day use across all accounts because passwords are often reused, too short, and easily guessed.

A password manager should also support multiple operating systems, like Windows and Android. Be sure to pick a password manager that is in active development and offers end-to-end encryption, if possible.

Finally, a password manager should list “zero knowledge” somewhere on its product page. That means the developer doesn’t have access to your data. If a password manager advertises device synchronization (most do), that data should reside on the developer’s cloud servers as an inaccessible encrypted blob.

For a more in-depth look at the essential features to consider in a password manager, jump ahead to our expanded section below.

FAQ about password managers

If your wireless home network is slower than it should be, it might not be the fault of your equipment or your internet service provider (ISP). Someone might be stealing your Wi-Fi. Fortunately, there are ways to detect and remove uninvited guests on your home network and make sure they don’t come back.

How can someone steal my Wi-Fi?

Wireless networks make it easy to connect all your devices to the internet, but it also makes it easier for other people to use your connection. This has been true since the earliest days of wireless transmission. The first wireless hack occurred in 1903 when Nevil Maskelyne hacked Marconi’s wireless telegraph in order to send a rude poem during a public demonstration.¹

Perhaps unsurprisingly, wireless hacking became common in the early days of Wi-Fi, when security protocols were lax and most people were new to the technology. At this time, hackers would go “wardriving,” driving through neighborhoods looking for unsecured wireless networks that they could use to connect to the internet for free.² While this might conjure images of shadowy agents in high-tech surveillance vans, all it really took was a college kid with a laptop, some hacking software, and a “cantenna”—a signal amplifier antenna made out of a tin can.³

Although most wireless routers have security features enabled by default, many network attacks still begin with a hacker wardriving through a neighborhood, looking for network vulnerabilities (often still using a cantenna). Having hackers on your network is bad for several reasons. They can do any of the following:

• Use your connection for illegal activities
• Use packet sniffers to steal passwords and other information
• Redirect your browser to fake sites to steal your information
• Install malware on your devices

Of course, while lax security might be an open invitation to hackers, Wi-Fi thieves are more likely to be neighbors trying to get free internet access. This is especially common if you live in a large apartment building, since your router signal is probably strong enough to be picked up from almost anywhere in your building and probably several of the surrounding buildings as well.

Your neighbors probably aren’t trying to steal your credit card numbers, but freeloaders will slow down your connection speed. So unless you gave them permission to use your Wi-Fi, kick them off.

How to check for Wi-Fi thieves

If you think someone is stealing your Wi-Fi, the first step is to check. Some methods are simple, while others require a bit more technical savvy.

Check the lights on your router

Most routers have a series of indicator lights that let you know when the router is powered on or connected to the internet. It should also have a light that shows wireless activity. A quick way to see if you have freeloaders is to turn off all your wireless devices and see if the light is still blinking. If it is, someone else is on your network.

This method isn’t very practical if you have a lot of devices in your home—everything from your phone to your fridge could be trying to connect. But if your computer is the only device that should be connected to the internet, this is a quick way to catch Wi-Fi thieves in the act.

Use an app

There are apps for both mobile and desktop computers that can be used to detect unwanted devices on your network. There are also web-based apps like this router checker from F-Secure that will look for indications that someone has hacked into your network.

Check wireless client list

Although it’s a bit more complicated, the surest way to see if an unauthorized user has broken into your network is to check the list of current devices in your router’s settings. Here’s how to do this:

1. Log in to your router.
2. Find the list of current wireless clients.
3. Look for unknown devices.

Every phone, computer, and smart device you own will show up in this list as a unique MAC address. If you know for a fact that you have only five wireless devices and there are six active devices in the list, you definitely have a freeloader. You can also look up the MAC address (a type of network identification number) for each of your devices and see if there are any on the list that don’t match. MAC addresses are often listed in a device’s settings alongside its IP address.

Check router logs

If you didn’t find anything when checking the active client list but still believe someone’s been getting on your network, you can check your router’s logs. You can access past activity logs from the same menu in your router settings where your current wireless clients can be found.

The downside is that it’s a bit of a needle in a haystack. It’s not easy to look at a huge list of numbers and determine which one doesn’t belong.

The advantage of going to the logs is that your moocher doesn’t have to be logged on to your network for you to catch them. Also, if you have an idea of when the problems started, you can see if any new MAC addresses started popping up around those times.

How to secure your wireless network

Once you know that someone is stealing your Wi-Fi, you need to kick them off your network. The first step is to change your network name and password. If the internet thieves are just freeloading neighbors, this is usually enough to get rid of them. But it’s also a good idea to make sure that you’re using the most secure settings on your router.

There are several protocols used to secure wireless networks and most routers give you several options. The oldest and least secure of these is WEP (Wired Equivalent Privacy), which was created in the late ‘90s. Don’t use WEP.

WPA stands for Wi-Fi Protected Access and was created to fix the major security flaws in WEP.² The newest version of this standard is WPA2, which also incorporates the Advanced Encryption Standard, also known as the AES encryption protocol. This is why, on some devices, this feature is called AES instead of WPA2. You should always enable WPA2/AES security on your router if it’s available.

If your router doesn’t offer WPA2 security, you might want to buy a more secure router.

Using a secure password on your wireless network is the most important thing you can do to keep your Wi-Fi secure, but there are lots of other steps you can take. For more information, check out our guide to keeping your router secure.

If it’s not thieves, why is my Wi-Fi so slow?

If you’ve gone through your router logs with a fine-tooth comb and haven’t found any unauthorized devices, people probably aren’t stealing your Wi-Fi. So, why is your Wi-Fi still slow? There are a couple possible reasons.

Is it just the Wi-Fi?

Before you spend an entire afternoon on the phone with customer service, try plugging your computer directly into your router. Did that fix your speed problems? If it did, then the problem is with your router. You can always buy a new one, but there are a few tricks you can try first. To find out how, check out our step-by-step guide to improving your Wi-Fi speed.

If plugging in to your router didn’t resolve your speed issues, the problem isn’t just your Wi-Fi. It’s your entire internet connection.

When does it slow down?

If your network slows down at peak hours (usually in the evening when everyone is getting home from work), then this might be normal slowdown due to internet traffic. Cable connections share bandwidth between houses in the same neighborhood, so you can get lower-than-advertised speeds if you and your neighbors are all trying to use the internet at once. The only way to avoid this is to avoid peak hours or switch to a more reliable connection like fiber.

If your internet slows down for a few days or weeks every month, your internet service provider (ISP) might be throttling your speed once you pass your monthly data cap. This can often be fixed by upgrading to a more expensive monthly plan or by purchasing additional data from your ISP.

Is it always slow?

If your connection is constantly slower than your ISP’s advertised speed, it could be a problem on their end. Contact your provider’s customer service department to ask why your speed is so slow and when it will be back up to speed. Every network experiences occasional slowing and outages due to maintenance. But if customer service can’t tell you when your speeds will be back up to normal, it might be time to find a new provider.

Protect your internet connection

It’s easy to take Wi-Fi safety for granted. Every coffee shop and fast food restaurant has its own public Wi-Fi, and we can see the names of our neighbors’ home networks just by pulling out our phone.

These days, a vulnerable home network may not exactly be a jackpot for hackers, but it is low-hanging fruit for freeloaders. Using proper network security is a good habit to get into and a good way to get the most out of your internet plan.

More resources

Having your bandwidth stolen by freeloaders is frustrating, but there are lots of other security threats that can affect your home network. If you want to find out more about how to keep your network and devices secure, check out some of our other articles on internet security.

• Terrifying Security Flaws in Your Wi-Fi and How to Fix Them
• Best Internet Browsers for Security
• How Safe Is My Internet Connection?
• Best Routers for Security

1. Paul Marks, New Scientist, “Dot-Dash-Diss: The Gentleman Hacker’s 1903 Lulz,” December 20, 2011. Accessed March 28, 2020.
2. Karina Astudillo, Wireless Hacking 101, 2017.
3. WikiHow, “How to Make a Cantenna,” April 16, 2020. Accessed March 28, 2020.

Even on secure networks, cybercriminals still find ways to get in, and once they do, they potentially have access to anything and everything you do online. They use these vulnerabilities to steal your money, peer into your personal life, and perhaps even access live video feeds of your home. It sounds like a horror story, but it’s a reality of having so much of our lives integrated into technology.

The upside is Wi-Fi security is constantly improving, giving you some big guns to defend your home network. Once you combine your network’s built-in security tools with good network safety practices, you have a fairly robust defense against cybercriminals.

In this guide, we’ll go over some of the ways hackers break into your network and show you what to look for in case of a security breach. Then, we’ll go over some essential preventive measures you can take to build up your own personal Fort Knox of Wi-Fi security.

Jump to: How hackers break into your network | How to protect your home network from hackers

Jump to:

• How hackers break into your network
• How to protect your home network from hackers

How hackers break into your network

Phishing

Phishing is a scam tactic used by hackers that tricks you into clicking on a malicious link or attachment that either installs malware on your device or persuades you to provide sensitive information, like login credentials.

Phishing often comes in the form of an email or text message disguised as a communication from a reputable source that you’re familiar with, like Amazon or Microsoft, with urgent language designed to get you to act fast.

It might say there’s an issue with your account, payments, or even a malicious login attempt, and the only way to fix the problem is to follow a link or download an attachment. The links usually lead to bogus forms asking you to fill out sensitive information. Phishing attachments often contain malware that immediately infects your device and searches for your private information or simply wreaks havoc on your system.

Since phishing usually relies on you taking the bait, all you have to do is avoid clicking that fateful link or attachment. You need to maintain a general skepticism of any link or file attachment in an email, instant message, or text message. Develop the habit of checking the sender’s email address for anything suspicious, such as typos or use of a public domain, like Gmail. Red flags should go up whenever you encounter pushy language emphasizing urgency and immediate action. Taking a little extra time processing your inbox can go a long way in keeping your network secure.

Malware

Malware, short for Malicious Software, is any software designed to extract private information or harm your devices. These programs come in a variety of nefarious forms. Some record everything you type into your keyboard, searching for passwords. Others may intercept your web traffic, while some take pictures of your screen and send those back to the criminal. Some malware acts as a passageway for more malware. And sometimes, Malware is designed to simply mess up your computer.

You get malware by downloading files or clicking on links. Don’t download files from untrusted sources, and keep an eye out for disguised websites and emails. If you’re unfamiliar with a source, think long and hard before you let it through your network defenses.

Brute Force Attacks

Brute force attacks involve using a program to guess your password until it finds the right combination of characters. For a person, this is usually impossible without some type of hint, but computers can cycle through thousands of attempts without breaking a sweat.

How to protect your home network from hackers

There are many tools and practices at your disposal to protect yourself from malicious network attacks. Most are really easy to implement in your home network.

Create strong passwords

Your first line of defense is robust passwords that are not easily cracked by hackers. Many of us are guilty of creating simple passwords based on personal information like birthdays or names; it makes sense, as these are easy to remember, and being locked out of your accounts seems to happen at the worst times. But these passwords are also easy for criminals to decipher.

Sometimes, it doesn’t even take the use of malicious programs to break these passwords. Identifying information, like birthdays, pet names, and other personal details is often easy enough to find through a person’s public social media posts or profile information.

Best practice: The most secure passwords mix character types (numbers, letters, and symbols), contain at least 10 characters, and are not based on personal details (such as birthdays or pet names).

Change your router’s default login credentials

Router login credentials are not the same thing as your Wi-Fi name and password. Your router login credentials allow you to change your home network’s settings. These settings include your Wi-Fi password and your security settings.

Many routers come with default login credentials that are laughably insecure. In fact, the login credentials are usually something like “Admin” for the username, and the password is literally set as the word “password.” Even worse, the login page is almost always a universal URL web address or IP address. This lack of security makes it extremely easy for anyone on your Wi-Fi network to access your router settings if you haven’t changed the default credentials.

Best practice: To change your router login credentials, you’ll need to access your router’s settings; we detail the process in full in our guide on logging into your router.

In short, all you have to do is connect to your router via Wi-Fi or using an Ethernet cable and navigate to the settings page in a web browser using the router’s login URL; this is usually printed on a sticker along with the default username and password. Once logged in, you’ll be able to change the password. Alternatively, some routers use a mobile app instead of a web interface.

Some routers prompt you to change the login credentials when you first set up the router. If you can’t remember if you changed them already, it’s best to double-check.

Keep your router security enabled

Aside from limiting access to your network with a Wi-Fi password, your router also has built-in security measures. These should be on by default, so all you need to do is keep them running. Also, if you have a stand-alone modem and router, don’t connect to the modem directly via Ethernet, as this bypasses your router’s built-in security features. Instead, connect your devices to your router via Ethernet or Wi-Fi.

Upgrade to a WPA3 Router

WPA3 is the latest security protocol used in all Wi-Fi certified routers and devices since 2020. WP3 introduced many improvements in Wi-Fi security, notably better encryption and defense against brute force password-cracking attacks.

Best practice: If you don’t have a router that can use WPA3, it might be time to shop for a new one—which could even help your Wi-Fi speeds if your router is older. If your router was released after 2020, you should already have a WPA3 router. If your router was released earlier, it may use WPA2, which is not as robust as WPA3. WPA3 was announced in 2018, so if your router was made before then, it’s definitely not taking advantage of WPA3’s enhanced security.

Keep your computer and devices updated

Like most tech fields, cybersecurity advances at an extremely fast pace. So, while security tools are always improving, so are the methods of cybercriminals. Keeping your OS updated ensures you have the latest protections installed.

Best practice: Regularly update your devices and apps and consider turning on automatic updates to help you avoid forgetting.

Set up a Wi-Fi guest network

A guest Wi-Fi network allows others to use your Wi-Fi network while still protecting the most vulnerable parts of your network. For example, someone on the guest network may be able to browse the internet, but they can’t log in to your router and start changing network settings. This is a nice way to share your Wi-Fi without as much risk.

Best practice: Set up a guest network for when someone you don’t know well visits or accesses your Wi-Fi for any reason. You can follow our guest network guide to get your setup started.

Use antivirus software

No matter how diligent you are, sometimes malware still finds its way into your home network. Luckily, you can prepare for such occasions with antivirus software. Antivirus software not only works to keep malware and viruses off your computer and devices, but it scans and erases malicious programs that make their way through your other defenses.

Best practice: Find an antivirus software that fits your budget and needs. You can set your software to regularly scan your devices and make sure your personal data stays secure.

Our pick: Which internet browser is the most secure?

Firefox is our top pick as the most secure browser because it’s completely open source and contains no hidden or proprietary code. As a result, it can be examined by any security expert to confirm that it doesn’t secretly track you across the internet and sell your browsing habits.

In contrast, Google Chrome, Apple Safari, and Microsoft Edge are only partially open source, as they include proprietary components security experts can’t thoroughly inspect.

The 6 most secure browsers

• Best overall: Firefox
• Best for anonymity: Tor Browser
• Best for customization: Vivaldi
• Best for blocking ads: Brave
• Best for extreme privacy: Epic Privacy Browser
• Best for VPN use: Opera

Compare secure browser features and availability

What should you look for in a secure browser?

You want a web browser that blocks everything that can identify you. While some cookies are necessary for websites to function, others are intrusive and intentionally collect your information to track you across the internet.

A web browser should also verify that every destination you visit is safe so you’re not unintentionally loading a site full of malware or one that secretly runs scripts in the background to mine digital currency at your expense.

Lastly, a browser should offer secure connections. For example, the Tor Browser offers triple encryption, while Opera has a built-in virtual private network (VPN) component. Most web browsers support HTTPS connections.

Compatible browsers will display a lock symbol in the address bar when you load a website that offers HTTPS connections. If the website doesn’t support HTTPS, the browser will display a “not secure” message or something similar.

You may find browsers that include an HTTPS-Only Mode. Firefox, for example, can force all connections to use HTTPS when you enable this setting. Conversely, if the website does not use HTTPS, Firefox will block access with a warning page containing “Continue to HTTP Site” and “Go Back” buttons.

Malware prevention

A secure web browser should check with a trusted database to verify that a website is safe to use.

For example, malware may secretly infect a legitimate website, or a website may appear official but is instead a “spoof” to fool you into downloading unwanted software. Both situations are typically reported and listed in a database that the browser downloads and updates frequently.

A browser should also verify that the file you are downloading is legitimate. For instance, Firefox will verify the site’s integrity against a database provided by Google Safe Browsing. If Google blacklists the site for malware, Firefox will block the download. This verification also helps prevent unwanted files too, like automatic downloads, when you visit a website.

So, where are Chrome, Safari, and Edge on this list?

On a security level, we don’t recommend using browsers provided by Apple, Google, and Microsoft.

Google Chrome

Google makes a big chunk of revenue from advertising and data collection. Those two factors alone should be enough reason to shy away from Google Chrome. The browser is undoubtedly convenient given its native ties to Google’s services, and it’s one of the fastest based on our tests, but Chrome collects an alarming amount of data—more than any other browser on our list.

Apple Safari

Apple is a “device first” company. Its most significant source of revenue is sales from Macs, iPhones, iPads, and so on. Safari is undoubtedly the better native option over Google Chrome on these devices, and its security and privacy aspects have improved over the last few years. 

But Safari isn’t completely transparent in terms of code, nor is it available on any other platform outside the Apple ecosystem. It’s also had its share of eye-opening security and privacy issues in the past.

Microsoft Edge

Finally, the new Microsoft Edge ditches the previous in-house EdgeHTML engine for Chromium. It collects data about the websites you visit, and there’s no option to turn this data collection off. Moreover, Microsoft Edge shares details regarding web pages visited, whether you use the search autocomplete function or not.

The bottom line

You can’t expect total security and privacy from companies that have other agendas. All three browsers listed above provide operating systems that already know what you do and where you go every day.

What you need is a browser provided by a developer with one single, razor-sharp mission: to give you the best, most secure window to the internet.

FAQ about secure browsers

What is Incognito Mode?

Also known as Private Mode or something similar, Incognito Mode keeps your browser history private. In Firefox, for instance, the browser deletes all cookies when closed. It also blocks tracking cookies by default. For more information, read our explanation about what Incognito Mode actually does to protect you online.

What is fingerprinting?

Fingerprinting is a form of data collection that pieces information together to identify you. Data is collected through the web browser or through apps or programs installed on your device.

Websites use third-party trackers to continue collecting data (shopping habits, frequented websites) and create a larger snapshot of your internet presence. This “fingerprint” includes your device, operating system, preferred browser, and so on.

What is the Tor network?

The Tor network consists of over 7,000 volunteer-operated relay servers located around the globe that perform as “onion” routers. Here’s what happens when you access a website using a Tor client:

Step 1: The Tor client determines the best path to the destination and generates three encryption keys. 

Step 2: The client sends the three-layer encrypted data to the first Tor server, the Entry Node.

Step 3: The Entry Node decrypts the first layer, discovers the second server’s location, and relays the two-layer encrypted data.

Step 4: The second server, or Middle Node, decrypts the second layer, discovers the third server’s location, and relays the single-layer encrypted data.

Step 5: The third server, or Exit Node, decrypts the final layer and relays the plaintext data to the destination.

In a nutshell, the Tor client creates a “circuit” between you and the destination that remains open for around ten minutes. Once that window expires, Tor creates a new circuit to prevent eavesdroppers from tracking your activities. A new circuit is also created when you visit another website.

“Tor” is an acronym for The Onion Router.

What is a virtual private network (VPN)?

A virtual private network is a secure, private connection that works over the internet.

VPN software you install on your device encrypts your data and then establishes a direct, encrypted connection (or “tunnel”) between you and the VPN server. Once the server receives your encrypted data, it decrypts the data and then sends it in plaintext to the destination.

This way, the destination cannot collect your information, such as your IP address, web browser, and operating system.

How does cryptocurrency mining work in a browser?

Cryptocurrency mining within a browser works by using JavaScript code. Every web page you view on the internet is downloaded to your device as cache, including JavaScript code that quietly runs in the background to run basic web components.

In this case, the JavaScript code runs complex mathematical calculations to create digital currency. Mining requires heavy processing and will slow your device to a near crawl as the CPU computes the heavy math. You could see your browser use 90% or more of your CPU’s total processing capacity.

Some websites, however, use cryptocurrency mining in the browser as a form of “payment” for consuming their content. This payment is typically voluntary on your part.

What is phishing?

Phishing is a method of obtaining your personal information through a link embedded in an email, text message, instant message, and so on. The attackers pose as a person, company, or service you trust and attach a link. The resulting website looks legitimate, but it’s a “spoofed” site created to steal your information.

What is address bar tracking?

Address bar tracking is a method of obtaining your browsing habits through the autocomplete function. When you type a search query or URL in the address bar, the browser analyzes that data to provide suggestions. The browser may also send that information to remote servers. As a result, companies like Google and Microsoft know where you’re going and where you’ve been.

What is a Device ID?

A Device Identifier (ID) is a unique string of numbers that identifies your device, whether it’s a computer or smartphone. It’s stored on the device and is derived from other hardware-identifying numbers, like the IMEI number or MAC address.

What is a User ID?

Web browsers typically create a user identifier profile upon installation that includes information like your processor, storage, screen resolution, and operating system. This profile is assigned a unique identifier that the browser stores locally in a cookie.

What is Chromium?

Chromium is a free and open-source browser “foundation” developed and maintained by Google. Developers can compile the code “as is” and distribute it as a basic Chromium browser or compile it to include proprietary components and unique designs. The latter group includes Brave, Epic Privacy Browser, Google Chrome, Microsoft Edge, Opera, and Vivaldi.

What is Google Safe Browsing?

Google Safe Browsing is a service provided by Google. It contains a database of known websites containing malware and phishing content. This database is available to internet service providers and used by Chrome, Firefox, Safari, and Vivaldi. According to Google, this service protects over 4 billion devices each day.

All wireless devices encrypt their connections by default. Well, usually. Some public Wi-Fi networks may not use encryption even if your device does, which is why you should use the best VPN tools in that case or tether from a mobile internet connection instead.

But at home or in the office? We connect our devices to Wi-Fi and think nothing more of it. It’s super secure, right? Right??

Maybe. Maybe not.

Your connections are encrypted, sure, but is your gateway or router fully secure? Are all the security holes patched to keep hackers out? Did you create an uncrackable password? If you can’t say “yes” to any of these questions, then your network is in dire need of a security check. Like, pronto. We walk you through a list of security flaws and tell you how to fix them.

Flaw #1: Outdated firmware leaves you vulnerable

Firmware is another name for the router’s operating system. It’s software that manages the hardware, and like any other operating system, it’s never fully bulletproof—there are always gaps in the code that can give unwanted hackers access to your network.

The good news is software engineers continuously fill these holes with new updates. The bad news is your router may not automatically update the firmware to the latest, most secure version, leaving your network wide open for a possible remote attack.

Solution

Nearly all standalone routers, gateways, and mesh systems enable automatic firmware updates by default. You’re normally required to enable this feature during the setup, or it’s already enabled, and the router checks for new updates before you can use it.

But there are exceptions. We’ve tested a few ASUS routers that don’t have auto updates enabled out of the box. Yes, the possibility of a failed update is real and could leave your router as an expensive paperweight, but the chances of that happening are extremely rare.

That said, we provide a separate guide on how to update your router’s firmware to the latest and greatest version.

Flaw #2: Easy Wi-Fi passwords invite strangers and hackers

Creating an easily guessed Wi-Fi password based on something familiar—like a child’s name, a pet, or your address—is convenient for sure, but it also leaves your Wi-Fi network vulnerable to hackers lurking nearby.

Solution

Unlike the admin password, most modern routers, gateways, and mesh systems don’t force you to create a unique Wi-Fi password. The supplied one is already unique to that device—which wasn’t the case in years past—but you should change it to be safe. The complexity of it depends on you, but remember, you can always share the Wi-Fi login credentials using a QR code or another method supported by the router’s mobile app. We provide a separate guide on how to share your Wi-Fi password from your phone.

Still, we suggest using a passphrase with letters (upper and lower), numbers, and symbols. For example, “Ch!ck3nP33k@b00” uses unrelated words and is much harder to guess and crack than “h0m3n3tw0rk.” You can also use a password manager to create your password or allow your mobile devices to make one for you, which is usually just a string of numbers and letters you’ll never remember but is easy to retrieve from your device’s settings.

Check out our guide on how to change your Wi-Fi password for more information.

Flaw #3: Using the router’s default login can leave you open to hackers

Your router has a public side (the internet) and a private side (your home network). That means anyone can access your router—whether it’s remotely or locally—if you have the worst router login credentials ever created. An easily cracked password allows hackers to infiltrate your router, gateway, or mesh system and control your entire network—including your wired and devices.

Solution

This issue really only applies to older routers that accept commonly used login information like admin/password. Modern routers, gateways, and mesh systems now force you to create a unique administration password during the setup using letters (upper and lower), numbers, and symbols—there’s no getting around it.

But if you have an older router or gateway and you never changed the login username and password, do so now. Consult our guide on how to log in to your router using a web browser (or an app if your router supports it)—the setting you want is usually found under Advanced > Administration. Most mesh systems don’t have a web interface you can use, so you can change the info only in the app.

Flaw #4: WPS opens your network to hackers

Wi-Fi Protected Setup (WPS) helps devices connect to your wireless network upon first use without the need for a password. You either press a button on the router or use an eight-digit PIN. 

But there’s a consequence for that ease of use: WPS is vulnerable to brute-force attacks, which is a trial-and-error method to determine login info.¹ A hacker could discover the PIN’s first four digits—there are only 11,00 possible combinations—and then uncover the next four. Free tools you can easily download from the internet can crack the PIN in 4 to 10 hours.

Solution

Your best defense is to update your firmware and disable WPS (if possible). The method of disabling WPS depends on the manufacturer, but here we’ll use the NETGEAR Nighthawk RAX80 as an example.

Using the web interface

Step 1: Connect to the router’s Wi-Fi.

Step 2: Open a browser and type in routerlogin.net.

Step 3: Click on the ADVANCED tab displayed on the left.

Step 4: Click on WPS Wizard listed on the left and follow the instructions to disable this feature.

Flaw #5: Guests can download illegal content

There’s nothing wrong with giving friends and external family members access to your home’s network, but you also don’t want them downloading questionable content using your internet connection. You certainly don’t want the FBI knocking at your door, and that could happen if guests download anything they want.

Solution

Create a second “guest” connection for everyone who lives outside your home. This virtual network keeps visitors off your primary connections and limits the number of devices that have access. Plus, you’re not sharing your main network’s password.

With a guest network, you can limit bandwidth, block websites, set connection times, and more per device. We provide a separate guide on how to set up a guest Wi-Fi network.

Flaw #6: Children have unlimited access to explicit content

The internet is both a blessing and a curse for parents. On one hand, kids and teens can find the information they need. They can play games online with friends and take remote classes. Unfortunately, they can access inappropriate and unwanted content with just a single URL.

Solution

We provide a guide on how to set up parental controls on a router to protect your kids and teens. Here, you can block and allow specific sites, block and allow specific devices, and set hours of use.

Some routers handle parental controls through a specific section within the router’s interface. You can also click on a device to manage the connection, use profiles to set the parental controls for each child, and manually block websites you don’t want the entire house or office to access.

Flaw #7: Remote access invites hackers

Remote access allows you to load the router’s interface over the internet, like from a hotel room in another state. Combined with a default or lousy password, anyone can gain access from anywhere and change its settings to route all your internet traffic to nefarious websites.

Solution

Old-school remote access through the web interface really isn’t a thing anymore. Many routers still include it, but it’s disabled by default since it’s such a security risk. You can typically find Remote Access controls in the router’s Administration section if you ever need to use it or simply want to verify it’s toggled off.

However, modern routers, gateways, and mesh systems now allow you to manage your network from afar through a mobile app and a linked cloud account, so you really don’t need the web-based remote management tool anymore.

Flaw #8: Your router broadcasts the manufacturer’s name

Click or tap on your device’s Wi-Fi icon, and chances are you’ll recognize some of the names on the resulting list: Linksys, NETGEAR, and so on. Owners of these routers never changed the default Service Set Identifier (SSID) name, which is the wireless network’s public name.

Why is that a problem? Anyone who sees “Linksys” or “NETGEAR” will know that someone owns one of these routers. With this information, hackers can launch an attack tailored to your router, break into your network, and steal your data.

Solution

Generally, you’re encouraged to change the default SSID during the setup. If you disable Smart Connect (band steering), you create a new SSID for each band. You can rename them to anything, whether it’s something simple or a label just to annoy your neighbors. Have fun or be practical—it’s all up to you.

If you never changed the SSID, you can do so through the mobile app provided by the manufacturer or by using the web interface. The following instructions use the TP-Link Archer AXE75 router as an example.

Using the web interface

Step 1: Connect to the router’s Wi-Fi.

Step 2: Open a browser and type in tplinkwifi.net.

Step 3: Select Wireless listed on the left.

Step 4: Select the Wi-Fi connection you want to change.

Step 5: Enter the new SSID name and save your changes.

Using the Tether app

Step 1: Connect to the router’s Wi-Fi.

Step 2: With the Home tab selected, tap on Wireless.

Step 3: Select the Wi-Fi connection you want to change.

Step 4: Enter the new SSID name and save your changes.

Related content

• How to Know If Someone Is Stealing Your Wi-Fi
• How to Keep Your Router Secure
• Best VPNs of 2021
• How to Change Your Wi-Fi Network Name and Password

The best way to protect your Wi-Fi network is to know what your router, gateway, or mesh system can do. We tend to change a few settings in our router apps and move on with life, but if you look closely, you can probably adjust other settings and your own personal habits to make your Wi-Fi network even safer than before.

We walk you through nine suggestions that should help make your Wi-Fi network safer to use—but not before we highlight a few refresher suggestions you’ve probably read a billion times over. We’ll be quick about it. We promise.

Before we begin: The settings you probably already changed (or didn’t need to)

Many how-tos you find (including some of ours) tell you to do this, to do that, and to do that too. But based on the dozens of routers we’ve set up and tested, we can guarantee that you’ve already completed most of the blanket suggestions during the initial setup. Let’s take a quick look.

Settings you changed during setup

Set a new administrator and account password

You were asked to create one or two things, depending on the model:

• A password or passcode containing letters, numbers, and symbols to access the router locally.
• A cloud account, like TP-Link ID and MyNETGEAR, using a password or passcode containing letters, numbers, and symbols to access the router or system locally or remotely.

This step is unavoidable. Hopefully, you created strong ones. If not, log back in and do so now. Like, pronto.

Set the Wi-Fi network name(s) and password(s)

This step is usually next. Here you were supposed to change the network name and password—two or three times if you disabled Smart Connect (a.k.a. band steering). If you’re still using the defaults, load up the web interface or app and change them now.

Settings you didn’t need to change during setup

Here are a few more features that were automatically enabled when you set up your router or mesh system.

Encryption

Routers and mesh systems enable encryption by default, so you had nothing to do during the setup. WPA3 is the latest version, although many still default to WPA2 Personal. Never, ever turn off encryption. Never. Ever. It can leave you vulnerable to a host of problems, like hackers.

Firewall

Routers and mesh systems automatically enable the firewall by default. In many cases, you can’t even disable it. Your computers have firewalls enabled by default, too, but you can always ensure they’re active by following our guide on enabling or disabling a firewall.

Automatic updates

Routers and mesh systems automatically update their firmware by default. Based on our testing, ASUS is the only company requiring you to enable automatic updates manually. If it’s not already, you should enable this feature or manually update the firmware.

Read our guide on how to update your router’s firmware for more information.

How to secure your home Wi-Fi network

Now, with the setup settings out of the way, we can jump into our nine suggestions for increasing the security of your Wi-Fi network. Some you may have read before, so consider them as Refresher Wi-Fi 101.

Suggestion #1—Use the built-in security features

Security features are a hit or miss in terms of what you get for free on a router, gateway, or mesh system. For example, TP-Link’s HomeCare suite for its standalone Archer-branded routers includes content filtering, website blocking, and antivirus. In contrast, HomeShield on its other routers and mesh systems locks antivirus and some parental controls behind a subscription.

Still, in both cases, you can manually block specific websites and services network-wide for free to keep friends and family safe. You can also block apps and websites on a per-profile basis using routers and mesh systems that support them.

The website and service-blocking function isn’t just a TP-Link thing, either. It’s typical across nearly every router and system we’ve tested to date.

Suggestion #2—Use QR codes to share Wi-Fi login info

Using QR codes should be your next step in protecting your Wi-Fi network. You worked hard to create a unique password or passphrase, right? The last thing you want is for someone to text, write down, or blurt it out to everyone entering your home—especially if you’re running an Airbnb or renting a room.

To prevent your password from ending up on a napkin, share it using a QR code. All routers and mesh systems have this capability in their mobile apps. Be sure to check out our guide on how to share your Wi-Fi password from your phone for more information.

Suggestion #3—Use profiles

Profiles are usually associated with parental controls, but they’re a good way to identify devices and lock them down to specific individuals accessing your Wi-Fi network, not just kids.

As previously mentioned, you can block specific users from accessing a website, app, or content type, like a troublesome teen who refuses to stop streaming those “free” movies still playing in theaters. This tool is essential in preventing them from downloading suspicious apps that can unleash malware across your network.

What’s also useful is you can pause their internet access indefinitely or just block every device they own. However, not all standalone routers support profiles and those that do may lock features behind a subscription. All mesh systems use profiles with some paid and premium features.

Suggestion #4—Enable connection alerts

Technically, this feature doesn’t secure your Wi-Fi network. Instead, it presents a notification on your screen whenever a wired or wireless device joins your network. If it’s a device you don’t recognize, you can quickly jump into the mobile app or web interface and block it. Case closed, and ask questions later.

Let’s look at an example of how this works. Suppose you didn’t use a QR code to share the Wi-Fi password with a family member. You created a profile and assigned their devices to that profile.

Soon you discovered the family member was downloading pirated movies, so you used the profile to block all their devices. The sneaky sneak then connects a new device to the network using the password you previously provided.

When the device connects for the first time, you receive an alert on your screen. You either block the device immediately or add it to the profile (which we recommend) and block it. Can you tell we deal with teens? It feels like a second job. Seriously.

Of course, connection alerts apply to any strange device that accesses your Wi-Fi, like a hacker who managed to figure out your easy-to-guess password.

Suggestion #5—Create a separate network for guests and IoT devices

Allowing friends and family to access your Wi-Fi network is okay. They’re people you can trust to use your internet connection responsibly—well, usually. If they get out of hand, you can always pause their internet or block their devices if you follow our previous suggestions to create profiles and enable connection alerts.

But for people you don’t really know, we suggest creating a guest network to separate their devices from yours. Technically, you’re all still on the same Wi-Fi network, but your guests use a virtual one that prevents their devices from accessing your devices, like a computer with shared folders or a network printer. Some routers and mesh systems allow you to give the guest network access to your local devices, but we suggest you keep the network isolated to prevent possible malware infections.

IoT devices should be on a separate network, too. Some routers allow you to create a third network specifically for IoT device use. If your router doesn’t, create a second “guest” network even if you never plan to provide Wi-Fi access to strangers (who can always use their mobile data). This virtual network helps keep your devices safe from a possible attack carried out by hackers infiltrating your IoT devices.

Read our guide on how to set up a guest Wi-Fi network for more information.

Suggestion #6—Disable remote management

Web-based remote management really isn’t a thing anymore, but some routers still offer it. In short, you can access the router’s web interface and change the settings from anywhere, but it can be an easy entry point for hackers—especially on older routers with their original login credentials still intact. Toggle this feature off if it’s not already.

However, don’t confuse web-based remote management with the cloud-based one. Most routers and all mesh systems now support remote management through cloud accounts and mobile apps. You can also disable this feature on standalone routers if you never intend to use it outside your Wi-Fi network.

Here are a few examples of where you can find the remote management setting:

Suggestion #7—Disable Universal Plug and Play (UPnP)

Universal Plug and Play (UPnP) was initially designed to connect and use devices on a wired network without manually installing drivers or configuring settings. Now, many moons later, nearly all Wi-Fi routers support UPnP and enable it by default.

The problem is there are no means to authenticate and authorize UPnP devices, so they all essentially “trust” each other. They’re also now exposed to the internet, so a hacker can fool your router by posing as a UPnP device and march right in to infect every device you own with malware.

To keep hackers out, we suggest disabling UPnP. The drawback is UPnP devices use virtual connections (ports) to communicate, which are opened automatically with UPnP enabled. You’ll need to manually configure these ports on the router for your UPnP devices to work.

Here are a few examples of where you can find the UPnP setting based on the routers we’ve tested:

Suggestion #8—Disable Wi-Fi Protected Setup (WPS)

Wi-Fi Protected Setup (WPS) is supposed to be an easy way to connect any wireless device to your Wi-Fi network. You don’t need the password to do so, either—simply press the WPS button on the router, or enter the supplied eight-digit PIN. Easy, right?

The security issue lies with the PIN. Hackers can use software in a brute-force attack to uncover and use that PIN to take control of your Wi-Fi router and network. Why leave it on if you never plan to use the WPS function?

Unfortunately, some routers, like the NETGEAR Nighthawk RAX80 and RAXE500, don’t allow you to disable WPS.

Suggestion #9—Schedule a reboot

Your standalone router, gateway, or mesh system router has two addresses: a private one that faces your devices and a public one assigned by your internet provider. The second address is viewable by all internet devices—including those controlled by hackers. It’s usually refreshed every 14 days, but you should reboot your router weekly to keep the target off your back. A reboot also clears any junk in the router’s memory that could reduce your speeds.

Unfortunately, some routers don’t have the means to schedule a reboot, so you’ll need a smart plug you can schedule to cut the power for a minute once a month (which may or may not work, depending on the router) or set yourself a reminder.

Here are a few examples of where you can find the setting based on the routers we’ve tested:

Read more about how often you should reboot your router for more information.

Other suggestions

Add a firewall router

Want to really secure your Wi-Fi network? Get a wired firewall router. It sits between your modem or ONT and your Wi-Fi router or mesh system. Its sole purpose is to thoroughly examine every bit of data that flows to and from your modem or ONT, so your speeds will be slower than usual.

The Cisco Meraki Go GX50 is a good example. You can create up to four virtual networks and assign each to an Ethernet port. So, in theory, your Wi-Fi router can be on one network and your wired devices on another. You can isolate these networks or let them mingle—whatever works best for you.

But the GX50’s biggest selling point is how it thoroughly inspects all traffic, giving you an extra layer of security at the cost of reduced speeds. Some routers have a similar “stateful” firewall you can toggle on, but again, you’ll see a speed reduction since the deep inspection takes longer to process.

Hide your network name

Changing your Wi-Fi network’s name is smart. The default ones usually include the manufacturer’s name, which you want to avoid broadcasting to every hacker in the vicinity. Even if they see you have a NETGEAR router, your chances of getting hacked are slimmer now that manufacturers use random passphrases for setting up routers instead of static passwords. Still, you’d like to be as anonymous as possible. No sense in baiting the nefarious, right?

That’s probably why you’ll see suggestions to hide your network name altogether—even after you created something so unique and cool that you hoped would be applauded each time your neighbors saw it on the Wi-Fi list. But with your network name broadcast disabled, anyone searching for a Wi-Fi network will see “Hidden” instead of the name you painstakingly chose.

But keep this in mind: You’re hiding the Wi-Fi network from your neighbors, but hackers can see your network’s name by using software to eavesdrop on your devices’ unencrypted requests before they fully connect to Wi-Fi. In other words, your “hidden” network isn’t completely hidden, so disabling your network name broadcast is kinda pointless in terms of hiding from hackers.

Use a Virtual Private Network (VPN)

Virtual Private Networks (VPNs) don’t protect your Wi-Fi network as a whole—they protect individual connections, so this suggestion isn’t part of our main list.

For example, you may subscribe to ExpressVPN, but the only way to use it with your Xbox or PlayStation is to add the console’s IP address to your ExpressVPN account. After that, you enter the provided ExpressVPN DNS server IP address into the console’s settings. If anything, you’d use the router to create a static IP address for the console so it doesn’t change.

The only exception is if a router includes a VPN client. In this case, you’d enter your ExpressVPN login credentials directly into the router’s web interface. Now, every device connected to the router is redirected to the ExpressVPN network, including your devices that don’t support VPN software (like the Xbox).

Not all routers, gateways, and mesh systems have built-in VPN clients.

Our verdict: Know your router’s capabilities

Based on all the routers and mesh systems we’ve tested, you must set a new admin password, Wi-Fi name, and Wi-Fi password before you can even use your new network. There’s no getting around it, and hopefully, you made the right choices to keep your Wi-Fi network, devices, and people safe. Other features are automatically selected for you, so we didn’t zero in on those suggestions.

Overall, routers, gateways, and mesh systems have some free security you can utilize, like blocking websites and services, but you may have to dig into the web interface to use them. Most now also support QR codes and connection alerts, so you can safely share your Wi-Fi credentials and see who connects in real time.

Protecting your Wi-Fi network isn’t difficult, but you must be proactive. Block websites. Set filters. Create profiles. Disable unused features. Take the time to really dig into what your router or mesh system can do so everyone in your home can safely use the internet.

More resources

• Is My Wi-Fi Slow Because of My Router or My ISP?
• Improve Your Wi-Fi Speed in 10 Simple Steps
• Mesh Router vs. Wi-fi Extender: Which Is Right for You?
• How To Extend Your Wi-Fi Range
• How Safe Is Free Wi-Fi?

Data effective 4/9/2022. Offers and availability may vary by location and are subject to change.

Our pick: Which free parental control software is best?

The best free option for parental controls is easily Kurupira Web Filter. It gives you a huge amount of control over the content your kids can stumble upon online. It even has blacklisting and whitelisting options that many paid programs lack. There are no arbitrary limitations on the number of users or devices that can use it, and it doesn’t try to upsell you after a brief trial period. Unfortunately for Mac users, it’s only available on Windows.

The 3 best free parental controls

• Best overall: Kurupira Web Filter
• Best monitoring app: Life360 Family Locator
• Best freemium: Qustodio Free

Data effective 4/9/2022. Offers and availability may vary by location and are subject to change.

Finding good options that are also free adds an additional challenge. Most parental controls provide a free trial period, but an actual free solution has to give you permanent access to the features you need. Freemium options can be good choices because, while they give you the ability to upgrade for more features, you still have a fully-functional piece of software at no cost. A free 3-day trial is not the same as an actual free version.

There are a lot of good free options out there, but each generally specializes in one or two things. You probably need different pieces of software for different purposes. If you want a single parental control system that covers all your devices and gives you all the tools you need for both mobile and desktop, you won’t find one for free.

If a more versatile option sounds worth paying for, check out our review of the best parental control tools to see if one of these options works for you.

Free parental controls FAQ

Using a VPN (virtual private network) slows down your internet connection. According to our research, you’ll see Wi-Fi speeds drop by as much as 77% as soon as you sign onto a VPN. 

But you can still maintain reliable Wi-Fi speeds if you get a quality, subscription-based VPN. And you can keep your internet running smoothly as well if you keep your router updated and placed in a centralized location in your home.

Here’s a quick guide on how a VPN impacts internet bandwidth. We’ll explain why your speeds get slower with a VPN and recommend the best VPNs to maintain fast speeds.

Jump to: Best VPNs for speed | Test your VPN speed | Why do VPNs slow your internet speed? | How to improve VPN speed

Jump to:

• Best VPNs for speed
• Test your VPN speed
• Why do VPNs slow your internet speed?
• How to improve VPN speed

What are the best VPNs for internet speed?

NordVPN, ExpressVPN, and Surfshark consistently rank as the fastest VPNs among reviewers and experts—and they’re generally considered the best VPNs for privacy and other features, too. All three use efficient, up-to-date encryption protocols and have enough servers so you’re less likely to experience major network congestion when you sign on.

Private Internet Access, Hotspot Shield, and CyberGhost are also well-known VPNs and have performed excellently in many speed tests. Private Internet Access also boasts the most servers of any VPN in the world, giving you more options to choose from. Hide.me isn’t as fast, but it’s a great free VPN service that doesn’t eat as much bandwidth as most free VPNs.

Want to see how a VPN impacts your speed? Take a speed test

Take our speed test to see if your VPN is slowing down your internet.

Even the best VPN speeds can fluctuate daily. Your internet speed can also easily be impacted by a range of other factors, including your internet provider, the connection type, your plan, and the router you’re using. But a speed test gives you a ballpark estimate of how different VPNs impact your bandwidth.

Here’s a quick rundown on how to do it.

How to test VPN speed

Step one: Run a speed test with your VPN disabled. Write down the results.

Step two: Turn on the VPN and run the test again. Write down these results as well.

Step three: Compare the two speeds to see how they are different.

Step four: Repeat the process a few times throughout the day to see how the numbers differ.

Why does a VPN slow down your internet?

A VPN slows down your internet because it adds multiple extra steps to the process of getting data from your home internet network to your internet provider and back.

VPNs work by letting you sign on to a separate server—usually located in a different state or foreign country. This creates a virtual tunnel that masks your online activity, IP address, and location, keeping you safe from hacking and online surveillance and giving you access to websites that you might not be able to visit otherwise (like foreign versions of Netflix).

But encryption takes up bandwidth, routing a VPN through a foreign server increases latency (especially if it’s a server located in a distant state or country). A VPN’s own server bandwidth and efficiency can also impact your speed. If a VPN server is crowded with other users, it can lead to slower speeds and a less reliable connection.

On the flip side, a VPN can also combat speed throttling from an ISP, as it masks the kind of data you use. So if your provider, say, caps video streaming at 5 Mbps, using a VPN could potentially improve your speed.

How much speed do you need?

Not everyone needs the fastest internet in the world—but having fast internet definitely helps ensure a smooth connection even when a slow VPN is in play. Use our “How Much Internet Speed Do I Need?” tool to see what bandwidth is best for your home setup.

How can you make a VPN faster (or at least not as slow)?

It’s hard to predict just how much a VPN may slow your internet speed because a lot of factors play into the speeds you’re getting. But there are a few things you can do to make sure you’re getting the most out of your VPN, speed-wise.

Avoid free VPNs

Free VPNs might work if you’re on a budget, but they typically don’t perform as well as subscription-based VPNs. They have fewer servers, so you have to share a single server with more users, and some are also loaded with malware that drains your bandwidth or even hijacks it for nefarious purposes. Also, some lesser VPNs collect your user data and sell it to make money, which is another good reason to avoid them.

To ensure the best speeds—not to mention the best security and other features—stick to a well-vetted VPN that costs a monthly or annual subscription.

Switch your VPN server location

The best VPNs host servers all over the world. Some servers may perform better than others, depending on where they’re located and how many users are on each one. Try picking a server close to you to reduce the amount of time it takes to route your data to and from the VPN server.

Use the WireGuard protocol

Although OpenVPN is the most common and best-respected VPN protocol in use today, a newer protocol called WireGuard has been drawing positive attention since it launched in early 2021. Speed tests show it to be faster and more efficient than OpenVPN—although the latter still remains stronger for privacy.^{1, 2}

Most top-rated VPNs allow you to switch between different protocols, and NordVPN specifically supports WireGuard. You can switch between protocols on your VPN by going to the settings menu. Also, you can adjust the protocol settings to make your speeds faster.

Get a better VPN

Of course, if you’re experiencing consistent speed issues on your VPN, you can always try a new VPN to see if it fares better. NordVPN, ExpressVPN, and Surfshark are often the top-rated VPNs, but there are plenty of others worth trying. See our guide to the best VPNs for recommendations.

Sources

1. JP Jones, TopVPN.com, “Wireguard vs. OpenVPN,” March 11, 2022. Accessed April 14, 2022.
2. Sven Taylor, RestorePrivacy, “Wireguard VPN: Secure and Fast, but Bad for Privacy?” January 10, 2022. Accessed April 14, 2022.

More about VPNs and internet speed

• Best VPNs
• Fastest VPNs
• How Can I Tell If My ISP Is Throttling My Internet?

You can do several things right now to amp up the security on your router or gateway and keep those pesky hackers out. Start by changing the router’s default login credentials if you haven’t done so already. Also, change the wireless network’s name to something other than the manufacturer’s name, like from Linksys88578.

Those two changes are just a few examples. We’ll walk you through seven steps to beef up the security on your router or gateway, such as changing passwords, updating firmware, and ensuring you’ve picked the correct settings to create an impenetrable fortress.

First, log in to your router

Most of our instructions require you to dig into the router’s settings. You will need four things before we begin:

• Username
• Password
• IP address or custom URL
• Web browser or router app

Generally, you can find the information you need on a label affixed to the bottom of the router—especially if you never changed the default credentials.

For more in-depth instructions on how to find your default IP address and log in, check out our simple step-by-step guide on how to log in to your router.

Now, let’s get started!

More resources:

• How to Find the Best Wi-Fi Channels on Your Router
• Where Is the Best Place to Set Up Your Router?
• How to Move Your Router to a Different Room
• How to Connect Your Computer to Your Router with a Wired Connection
• How to Find Your IP Address