The situation when internet speed suddenly drops to a minimum, and unfamiliar names appear in the list of connected devices, is familiar to many home network owners. Unauthorized access Accessing your access point not only steals traffic but also poses serious security risks to personal data stored on computers and smartphones. An attacker who gains access to your local network can access shared folders, printers, and even run malware.
Fortunately, modern routers Wi-Fi routers and routers have a powerful arsenal of security features that allow you to effectively control your connection. In this article, we'll explore proven methods for restricting Wi-Fi access for other users, from simple password changes to advanced MAC address filtering. You'll learn how to identify suspicious users and block them at the hardware level.
The first step should always be diagnostics. Before setting up complex filters, you need to ensure that the problem is truly Wi-Fi hijacking, and not due to provider outages or interference from neighboring networks. Unique identifier MAC address of each device is a key tool for accurately identifying an intruder, as it is extremely difficult to counterfeit without special knowledge.
Analysis of connected clients and identification of violators
Before resorting to drastic measures, you need to know exactly who is using your channel. Most modern routers, whether TP-Link, Asus or MikroTik, have a built-in connection log. Log in to the admin web interface, usually accessible at 192.168.0.1 or 192.168.1.1, and find the section Status or Wireless Statistics.
Compare the list of MAC addresses in the router interface with the addresses of your personal devices. You can find the address in your smartphone settings (under "About phone" or "Wi-Fi information") or by using the command ipconfig /all in the Windows command prompt. If you see a device you can't identify, this is cause for concern.
Pay attention to data transfer activity. Some advanced firmware versions allow you to see the current download speed for each client in real time. If an unknown device is actively downloading files or watching 4K video, this will immediately be reflected in the network load graph.
⚠️ Warning: Some hacking tools may disguise the device name, displaying it as "Unknown" or "Android" to blend in. Use the MAC address as a primary indicator.
Basic protection: changing the password and encryption type
The easiest and most effective way to banish all unwanted guests from your network is to change your Wi-Fi password. This will force the connection to all connected devices to be disconnected, requiring a new password to log back in. It's important not to use simple combinations like "12345678" or your birthday.
In the wireless network settings (Wireless Settings) Make sure you select the most modern encryption protocol. The current standard is WPA3, however, most devices still work fine with WPA2-PSK (AES)Avoid using the outdated WEP protocol, which can be cracked in minutes even by a novice.
When creating a new password, use a random character generator or a long phrase consisting of several words, replacing letters with numbers. The password must contain at least 12 characters, including uppercase and lowercase letters, numbers, and special characters.
☑️ Strong Password Checklist
After changing your password, you'll have to reconnect all your trusted devices. This is a small price to pay for guaranteed security and the confidence that only those you've shared your new code with have access.
MAC address filtering: whitelists and blacklists
MAC filtering is one of the most reliable control tools. It allows you to create a "whitelist" (Allow List) containing only approved devices. All others, even with the password, will be unable to connect to the network.
To configure, find the section Wireless MAC Filtering in the router menu. You'll need to copy the MAC addresses of all your phones, laptops, and smart bulbs. Filtering mode should be set to Allow (Allow) or Whitelist.
| Filtration type | Operating principle | Security level | Ease of use |
|---|---|---|---|
| Blacklist | Blocks only selected addresses | Short | High |
| Whitelist (Permission) | Blocks everyone except the selected ones | Maximum | Low (labor intensive) |
| Guest network | Isolates guests from the main network | Average | High |
Using a "deny list" is less effective because MAC addresses are easily spoofed. If you block an intruder, they can simply change the MAC address on their card and reconnect. Therefore, using a whitelist is recommended for critical networks.
How to change the MAC address on a computer?
In Windows, this can be done through the Device Manager. Find your network adapter, go to Properties → Advanced tab → Network Address. Enable the option and enter any 12-digit code. On Android, this requires root access or special network emulation apps.
Setting up guest access for visitors
If you often have friends or clients who need internet access, don't give them your main network password. Guest network (Guest Network) creates an isolated access point with its own name and password.
The main advantage of a guest network is isolation. Guest devices are invisible to your computers, NAS storage, and printers. Even if a guest's smartphone is infected with a virus, your main home network will remain secure.
You can set restrictions for the guest network in your router settings: speed limit, time limit, or blocking access to certain ports. This is ideal for temporary access.
⚠️ Note: Router interfaces from different manufacturers may differ. Some models (for example, older versions) D-Link) the guest network may not support the WPA3 protocol, operating only in WPA2 mode.
Hiding the network name (SSID) as an additional measure
Hiding your SSID (Service Set Identifier) makes your network invisible to regular users. When searching for available networks on a phone or laptop, your neighbors simply won't see your network name in the list.
However, this isn't complete protection. Experienced users and dedicated Wi-Fi scanners can easily detect hidden networks based on their service data packets. Furthermore, hiding the SSID can cause connection issues with some smart devices, such as IoT- gadgets and old printers.
This feature only makes sense when used in conjunction with other measures, such as a strong password and MAC filtering. Hiding the network name is ineffective as a standalone security method.
Disabling WPS and remote control
Technology WPS Wi-Fi Protected Setup (WPS), which allows you to connect with the push of a button, contains vulnerabilities that attackers exploit to brute-force your PIN. Even if you have a strong password, enabling WPS can be a security breach.
In the router's web interface, find the section WPS and switch it to the state Disabled (Disabled). This action will close one of the most common hacking loopholes.
Also check your remote control settings (Remote Management). This feature allows you to configure your router from the internet. If you don't need to manage your home network while on vacation, you should disable this feature to prevent anyone from accessing your equipment's settings.
Frequently Asked Questions (FAQ)
Can my neighbor steal my Wi-Fi if I changed the password?
If you've changed your password to a strong one (WPA2/WPA3) and disabled WPS, it's virtually impossible to steal your Wi-Fi. The only possible scenario is if you gave someone the password and they passed it on, or if your neighbors are using powerful antennas to brute-force it (which is unlikely with modern encryption).
Will my internet speed decrease after enabling MAC address filtering?
No, filtering occurs at the router controller level and has virtually no impact on data transfer speed. The load on the router's processor when checking addresses is negligible.
What should I do if I've blocked myself through a MAC filter?
You'll need to connect your computer to the router using an Ethernet (LAN) cable. A cable connection isn't usually blocked by Wi-Fi filters. After connecting via cable, go to settings and disable filtering or add your address to the allowed list.
Does my ISP see that other devices are connected to my Wi-Fi?
Your ISP sees all traffic passing through your router, but it usually doesn't care how many devices are on your local network. However, if other users start downloading illegal content or carrying out hacker attacks, you, as the contract holder, may be held accountable.
How often should I change my Wi-Fi password?
At home, it's enough to change your password every 6-12 months or immediately after you stop trusting one of the previously connected users (for example, after a party or when tenants leave).