Affiliate Disclosure: As an Amazon Associate I earn from qualifying purchases.
Many people will not realize it, but the router can be considered one of the most important devices you have in your home. It connects many other devices, and the Internet, together and is, therefore, a prime target for hackers to try and exploit. Unfortunately, many routers will come with insecure configurations and exploits easily findable online, so it is important to take a few necessary steps to help secure both your router and your home network as a whole.
There are many easy ways to help better secure your router and home network as a whole, including changing the SSID that gets presented, turning off WPS, scheduling the times in which your Wi-Fi network is available, and using a DNS.
1. Change Your Router Username and Password
When you receive a router from your Internet Service Provider (ISP), it will arrive with a predetermined username and password which is usually printed on the back of the device.
Many people will not think twice about this and keep both the username and password as they are, but it is quite worrying how well known they are, and how easy it is for knowledge of usernames and passwords to reach the Internet.
It is, therefore, good practice to change the username and password used to login to your router.
The label that contains the username and password should tell you how to access your router’s settings. This usually involves typing an IP address into your web browser and logging in.
This IP address will vary from one manufacturer to the next, but it will often look something like 192.168.0.254.
Once logged in (using the default username and password), you will be able to change both.
Remember to set the password in particular to something secure that uses a mixture of uppercase and lowercase letters, numbers, and symbols.
Related article: Do You Need a Router If You Have a Modem?
2. Change Your SSID
Another default setting pre-configured by the manufacturer of your router is the SSID (Service Set Identifier), also known as the network name.
This is the name that shows up when scanning for available network connections on a device.
Usually, the SSID will reference the router manufacturer or your ISP in there somewhere. Examples being NETGEAR1865 (NETGEAR) or VM48962 (Virgin Media).
The big drawback to keeping this default SSID is that it makes it obvious as to what type of router you are likely using to cybercriminals. They could research exploits for this specific type of router and potentially find ways of being able to access it.
Changing the name of your SSID will avoid this problem, but just remember not to use any personal information that could be used to identify you.
Have a look online as there are plenty of ideas for SSID names that will give people nearby scanning for a network a bit of a laugh.
3. Turn off WPS
Not all routers will have it, but some will have what is known as WPS (Wi-Fi Protected Setup).
This is a feature that makes it easier to connect wireless devices to a network. It involves simply pressing a button marked as WPS on the router to allow devices to connect without the need for a password.
It is, of course, unlikely that criminals would have physical access to your router, but to be on the safe side and remove the risk completely, turn off WPS.
This can be done within your router’s settings.
4. Ensure Your Router Firewall Is Turned On
Most routers will have an in-built firewall that can be turned off and on.
A firewall is essentially a filter that is designed to block unauthorized access whilst still letting safe network traffic through.
Once again within your router’s settings, make sure it is enabled. The firewall won’t be perfect, but it is much safer turned on than being off.
Other Internet security tools will also often include their own firewall for that extra layer of protection if you feel that the router firewall doesn’t do a good enough job on its own.
5. Stop Broadcasting Your SSID
Most home networks will be broadcasting their SSIDs.
This is convenient in the sense that you can simply scan for a connection on whatever device you are using, but stopping the broadcast is an easy way of being able to improve security on your network.
Again, this is achieved within your router’s settings. Noticing a trend here?
This does greatly improve security as people won’t be able to detect your network when scanning for available connections, but do remember you are not exempt from this.
Your devices won’t be able to detect it either and as a result, you’ll have to manually enter the network name whenever you wish to connect a new device to the network.
This is one of those cases where you need to balance up convenience and security and decide which you care more about.
6. Change Your Network Password
In addition to having a predefined router username and password, and network name, you’ll also have a network password that is decided by the router manufacturer.
This is the password that is used to get a device connected to the network and is usually a string of random letters and numbers.
Now, these passwords are generally pretty secure given that they use random characters, but that’s not to say you shouldn’t change this password too. In fact, it is good practice to do so to secure your router and your network further.
You’ve probably already guessed where you can change your network password, but I’ll tell you anyway.
Yep, you guessed it. Your router’s settings.
Read more: What is a Network Security Key?
7. Use WPA2
Older routers may still be using WPA (Wi-Fi Protected Access) which is now dated and considerably more vulnerable to hacking compared with the more up-to-date security standards.
If you have the option on your existing router, make sure it is using WPA2 instead. This is the modern security standard that is considerably more secure than WPA.
Check within your router’s settings if you have the option to switch.
If you don’t, I would strongly suggest upgrading your router to one that does use WPA2.
8. Update Your Router’s Firmware
As is the case with many other devices, routers will receive updates to fix issues, provide extra features and improve security.
It is, therefore, recommended to make sure your router is kept fully up to date and doesn’t become vulnerable through using out of date firmware.
Most routers will update themselves automatically, but it wouldn’t hurt to routinely log in to your router and check to see if there is an update available.
9. Use a Different DNS
Using a different DNS service not only adds a bit of security to your network, but you could find web pages load that little bit faster too.
Switching away from your ISP’s DNS service and using an alternative offered by the likes of Google, OpenDNS, Cloudflare, or Pi-Hole will help prevent popups, redirects and those annoying “you made a typo in the web address so you will now be redirected to a webpage full of spam and ads” messages that many ISPs typically use.
This can be considered a good option for parents looking to provide that bit of extra safety for their children online, too.
You can configure the kid’s devices to use a service like OpenDNS and enable parental controls to keep them off potentially harmful sites, whilst you use an alternative service to browse the Internet without any restrictions in place.
You may also like: Best Wi-Fi Router for Parental Controls: Buyer’s Guide
10. Use MAC Address Filtering
Every device has a unique MAC address (Media Access Control) which is essentially an identifier for that particular device.
Within your router’s settings, you will have the option to only allow access to devices that use an approved MAC address.
Rather than know the MAC address of each device you want to allow, you can instead see a list of currently connected devices with their MAC address and use this to allow or deny access as needed.
You can, of course, find the MAC address of a device, usually within the settings. Certainly, on an iPhone or Android device, this information is kept within the “About” menu, so I would first look there on your device if you are not sure.
If still in doubt, a quick search online will point you in the direction of finding the MAC address of your device.
11. Schedule Your Wi-Fi
If you work a normal 9-5 or have a pretty regular schedule during the week, and have no reason to remotely connect to your home network, you may want to consider using your router’s scheduling feature – if it has one – so your network is not available when you are not around.
For some people, this won’t be practical, especially if like me, you have a bunch of smart devices around your home that require an Internet connection to function, but for those that don’t, why do you need your Wi-Fi on and accessible when it’s not needed?
One thing’s for sure.
Hacking a network that doesn’t exist is quite difficult for even the most experienced hackers.
12. Disable Remote Management and Other Unwanted Features
Chances are you don’t want to be configuring your router when you aren’t actively connected to your wireless network.
If your router has some advanced services like remote administration or remote management, make sure these are disabled.
If you need to make any changes, you can do so when you are back home and connected to your secure home network.
13. Use a Guest Network
If your router has the option to broadcast a guest network, take advantage of it.
As you have probably gathered from the name, it allows you to grant your guests access to a Wi-Fi connection without exposing them to the rest of your home network. This could include your smart devices, networked printers, and shared files and folders.
It is unlikely that your friends and family that visit you would have any intentions of hacking your network but letting them connect to your primary network could result in them changing something in error or potentially access a document you’d rather they didn’t see.
Not only that, but it also adds in an extra hurdle for anyone that is trying to access your network without your permission. Even if they do somehow manage to connect to your guest network, you have the reassurance that they won’t be able to take control of your devices or your router.
If you do decide to use a guest network, I would suggest combining this with tip number 5 and stop broadcasting your SSID.
This way, anyone visiting will only have visibility of the guest network and the primary network is reserved for those that know the SSID.
Final Thoughts
These were 13 easy ways to secure your router and home network – I found you found it useful.
Here is a quick roundup of all the tips so you can refer back to it again in the future if you need to:
- Change the username and password for your router
- Change your SSID (network name)
- Turn off WPS
- Make sure the router firewall is enabled
- Stop broadcasting your SSID
- Change your network password
- Make sure your router uses WPA2
- Update your router’s firmware
- Considering using a different DNS service
- Considering using MAC address filtering
- Turn off remote management and configuration
- Use a guest network
