Many users are familiar with the situation when the internet starts to slow down and unfamiliar devices appear in the list of connected devices. This isn't just a sign of a poor signal or a provider outage, but a direct indicator that someone else has connected to your network. Unauthorized access Connecting to your home Wi-Fi not only means lost traffic and reduced speed, but also poses a serious threat to the privacy of your personal data, bank cards, and correspondence.
A hacked router becomes an open door for attackers, allowing them to intercept traffic, inject viruses into connected devices, or even use your internet connection for illegal activities that the police can track using your IP address. That's why basic security settings The router should be serviced immediately after installation, not after years of operation.
Modern security methods allow you to close most vulnerabilities, making your network virtually invulnerable to common "neighborly" hackers and automated scanners. In this article, we'll cover specific steps to strengthen the perimeter of your home network using the standard features of any router, whether it's TP-Link, Asus, Keenetic or MikroTik.
Changing the factory administrator credentials
The first step, which the vast majority of users ignore, is abandoning the default passwords for logging into the router control panel. Factory combinations like admin/admin or admin/1234 are known to everyone, and specialized hacking software checks them first. If you leave this data unchanged, anyone within range can gain complete control of your device.
To change your password, you need to log into the router's web interface. This is usually done through a browser at 192.168.0.1 or 192.168.1.1After entering the standard data, find the section System Tools, Administration or SystemHere you need to set a complex password containing letters of different upper and lower case, numbers, and special characters.
⚠️ Attention: After changing the administrator password, be sure to write it down in a safe place. Restoring access to the router without knowing the new password is only possible by performing a full reset using the button.
Reset, which will require re-configuring the Internet from scratch.
Don't use simple words or dates of birth as your admin password. Hackers use dictionaries of popular passwords, and cracking such protection takes seconds. A strong password is the foundation on which everything else is built. security of the entire network.
Setting up a strong encryption protocol
A key element of wireless network security is the encryption protocol that encodes the transmitted data. Older standards such as WEP and even WPA, are considered outdated and vulnerable. They can be hacked even on a mobile phone using specialized apps in a matter of minutes.
In the wireless settings (Wireless Settings) it is necessary to choose the most secure protocol. Currently, the gold standard is WPA3, which provides improved protection against brute-force password attacks. If your hardware doesn't support WPA3, use WPA2-PSK (AES)It is important to avoid mixed compatibility modes (TKIP+AES), as they often reduce overall security to the weakest link level.
Your Wi-Fi password should be at least 12 characters long. Short passwords are vulnerable to dictionary attacks. Choose a passphrase that's easy for you to remember but difficult for a machine to guess. For example, a combination of words and characters like MyCoffee#IsHot!2026 will be much more reliable than qwerty12345.
Changing your Wi-Fi password regularly, at least every six months, is also a good practice. This is especially important if you suspect someone may have learned your access key, or if you've had guests over and shared your password with them.
Hiding the network name (SSID) and MAC filtering
Hiding your network name (SSID Broadcast) is a method of "security through stealth." When this feature is enabled, your router stops broadcasting its presence, and it won't appear in the list of available networks on your neighbors' phones. To connect, you'll have to manually enter the network name on each new device.
However, you can't rely solely on hiding the SSID. Advanced scanners can easily detect hidden networks based on their service data packets. Therefore, this method should be used in conjunction with MAC address filteringEvery network device has a unique identifier—a MAC address. You can create a "whitelist" in your router settings, allowing access only to specific devices.
| Method of protection | Hacking difficulty level | Impact on convenience | Recommendation |
|---|---|---|---|
| Hiding the SSID | Short | Average (manual input) | Use as a supplement |
| MAC filtering | Average | High (must enter each device) | Effective for static networks |
| WPA3 Encryption | Very tall | Low | Required for use |
| Guest network | High | Low | Recommended for guests |
MAC address filtering requires initial setup: you need to find the addresses of all your phones, laptops, and TVs and enter them in the router interface. After that, even with the password, anyone else won't be able to connect, as their physical address won't be on the allowed list.
How to find out the MAC address of a device?
On Windows: Open a command prompt and type ipconfig /allFind the "Physical Address" line. On Android: Settings -> About Phone -> Status or in the Wi-Fi section -> Details. On iOS: Settings -> General -> About.
Organizing guest access
A common mistake is sharing the main network password with guests or connecting weakly secured smart home devices to it. If a hacker breaks into a vulnerable smart light bulb, they can gain access to the entire network, including your computers and banking data. The solution is to create guest network (Guest Network).
A guest network creates an isolated Wi-Fi segment. Devices connected to it have internet access, but they can't see each other and, most importantly, can't access your primary devices or files on network attached storage (NAS). You can configure this in the "Guest Network" section. Guest Network or Guest area.
You can set specific rules for the guest network: limit the speed, set a password expiration time, or block access to certain resources. This is ideal for parties or when visiting relatives.
☑️ Setting up a guest network
Client Isolation is an optional feature worth enabling. It prevents devices within the guest network from communicating with each other, preventing the spread of viruses from one guest's phone to another's tablet.
Disabling unnecessary functions and ports
Modern routers are equipped with many features that the average user doesn't need, but which can become a backdoor for attackers. These include WPS (Wi-Fi Protected Setup), Remote Management and UPnP.
The WPS function, which allows connection by pressing a button or using a PIN code, has critical vulnerabilities. Brute-forcing a WPS PIN code takes several hours even on low-end hardware. In the wireless security settings (Wireless Security) find the option WPS and put it into a state Disabled or Off.
⚠️ Attention: The Remote Management feature allows you to administer your router from anywhere in the world. Unless you're an advanced user who absolutely needs this feature, disable this feature. It opens a port to the outside world, making the router visible to bot scanners.
It's also worth checking the list of active services. If you don't use an FTP server, DLNA, or the router's built-in torrent client, it's best to disable them. The fewer services running, the fewer potential entry points for attack.
Updating the router firmware
A router's firmware is the device's operating system. Like Windows or Android, it may contain bugs and security holes that become known after the device's release. Manufacturers regularly release updates to patch these vulnerabilities.
Check for updates is usually located in the section Administration, System Tools or Software update. Some modern models (Keenetic, Asus, MikroTik) can update automatically. If this feature isn't available, visit the manufacturer's official website, download the latest firmware version for your model, and install it via the web interface.
It's important to download firmware only from official sources. Installing modified versions of software from untrusted sources may contain malicious code that will turn your router into part of a botnet.
The update process may take several minutes, during which time your internet connection will be unavailable. Do not turn off the router during this process to avoid damaging the software.
Additional protection measures and monitoring
Even after all the settings, it is useful to periodically check the list of connected clients (Attached Devices, Client ListIf you see a device that doesn't belong to you, immediately change the Wi-Fi password and block it by MAC address.
Use parental controls or your router's firewall to restrict access to suspicious websites. Some routers allow you to integrate DNS filters (for example, DNS-over-HTTPS (or third-party services like AdGuard DNS) that block ads and phishing sites network-wide.
Physical security is also important. Make sure the router is located in a location where it can't be easily accessed and pressed. ResetAn attacker with physical access can reset the settings in 10 seconds.
What to do if the router has already been hacked?
Perform a full reset using the reset button on the case. Go to settings and immediately change the administrator and Wi-Fi passwords. Update the firmware. Scan your computers for viruses, as they may have been infected over the network.
A comprehensive approach to security combines technical settings with your own vigilance. Regularly monitoring logs and staying up-to-date on new threats will help keep your network secure.
Frequently Asked Questions (FAQ)
Can a neighbor steal my password if I haven't told it to anyone?
Yes, if you have a weak encryption protocol (WEP) or a very simple password, it can be cracked using specialized software. Viruses could also steal your password from your computer or phone if it was saved there in cleartext.
Is it safe to use apps to control your router from your phone?
Official apps from manufacturers (TP-Link Tether, Asus Router, Keenetic) are safe if you use a strong password to log in to your account and don't connect to public Wi-Fi networks without a VPN when managing your router.
Does enabling WPA3 encryption affect internet speed?
On modern devices (manufactured after 2018), you won't notice any difference in speed. However, older devices may simply not connect to a WPA3 network because they don't support it.
Do I need to change my Wi-Fi password if I change my provider?
If you've kept your old router, it's essential to change the password, as the old one may have been compromised. If your ISP has issued new equipment, it's best to change the default password on the sticker to your own immediately after setup.