A sharp drop in internet speed and the appearance of devices with unknown MAC addresses in the router's client list are clear signs that someone has connected to your Wi-Fi network. Such unauthorized connections not only steal traffic but also give attackers access to personal photos, messages, and banking data, so it's absolutely impossible to ignore the possibility of a wireless network being hacked.
The first thing a home network administrator needs to do is identify the intruder and understand their method of intrusion. Most often, the problem lies in a password that is too simple or a vulnerability in the encryption protocol. WPA2There are several proven methods that can effectively "kick out" an intruder and close the door to future break-in attempts.
In this article, we'll cover the technical aspects of router security in detail, from changing passwords to setting up filtering by hardware address. You'll learn how to use the administrative tools provided by hardware manufacturers to fully control the list of connected clients. Remember, the security of your digital environment depends solely on you.
Network diagnostics and detection of intruders
Before taking active steps to block it, you need to verify that a third-party device has actually connected to the network. Users often confuse background processes on smart devices with external intrusion. First, log into your router's control panel by entering the gateway IP address (usually 192.168.0.1 or 192.168.1.1) in the browser's address bar.
In the admin interface, find a section that may be called Client List, Wireless Status or "Client List." This displays all devices currently communicating with the router. Look closely at the list: you'll see device names (e.g., iPhone-Ivan, SmartTV-LG) and their MAC addresses.
If you discover a device with an unfamiliar name or from a strange manufacturer that isn't present in your home, it's a sure sign of a hack. Modern routers often display the connection type and data transfer speed for each client, which helps identify suspicious activity. For example, if a TV is streaming 4K video, it will consume significant bandwidth, which will immediately catch your eye.
For accurate identification, it's recommended to check the MAC addresses of all your personal devices. This can be done in your phone or laptop settings under "About Phone" or "Status." Write down all known addresses, and any remaining ones will be considered an illegal connection.
Emergency change of password and encryption type
The fastest and most drastic way to disconnect all users, including other people's phones, is to change the wireless network password. Once the new settings are applied, all devices will be automatically disconnected and will be unable to reconnect without entering a new security key. This action should be the first step in detecting a hack.
In the wireless settings (Wireless Settings) Find the password entry field (Pre-Shared Key). Create a complex combination that includes mixed-case letters, numbers, and special characters. Don't use birthdays or simple sequences like 12345678, as they are selected by special programs in seconds.
Pay special attention to the encryption method you select. Make sure that the security settings are set to WPA2-PSK or WPA3, if your router supports it. Obsolete protocol WEP or the "No Security" (Open) mode provide no protection, allowing hackers to intercept traffic even without knowing the password.
⚠️ Note: After changing your password, you will need to reconnect all your personal devices (smartphones, tablets, smart lamps). Make sure you have physical access to them to enter the new key.
MAC address blocking via web interface
If you don't want to change the password for all devices but need to disable a specific phone, use MAC address filtering. This method allows you to create a "blacklist" of devices that will be denied network access at the router hardware level. It's a more flexible tool than simply changing the access key.
To implement this function, find the section in the router menu MAC Filtering, Access Control or "MAC Address Filtering." Interfaces may vary between manufacturers (TP-Link, Asus, Keenetic, D-Link), but the logic is the same. You'll need the MAC address of the intruder you identified during the diagnostics.
☑️ Setting up (Blacklist)
In the filtering settings, select the "Deny/Blacklist" mode. Then add the MAC address of the other phone to the rules table. After saving the settings and rebooting the router, the specified device will lose the connection and will not be able to reconnect, even if it knows the correct password.
| Parameter | Meaning / Description | Recommendation |
|---|---|---|
| Filtering mode | Deny (Prohibit) | Use to block specific devices |
| Filtering mode | Allow | Use only for whitelists (more difficult to configure) |
| Rule status | Enabled | The rule must be active to work. |
| MAC address | XX:XX:XX:XX:XX:XX | Unique identifier of the device's network card |
It's important to understand that an experienced user can spoof (clone) their device's MAC address to that of an authorized device. Therefore, this method is effective against ordinary neighbors, but not against professional hackers. However, in 95% of cases, this is quite sufficient for a home network.
Setting up a guest network to isolate traffic
Often, the need to disable someone else's phone arises because you've given your guests a password, and they, in turn, have shared it with others. To avoid such situations in the future and keep strangers out of your main network, use the Guest network (Guest Network). This feature is available in almost all modern routers.
A guest network creates a separate access point with its own name (SSID) and password. Its main advantage is isolation: devices connected to the guest Wi-Fi don't have access to your shared folders, printers, or other devices on the local network. They only have internet access.
What is the difference between a guest network and a main network?
The guest network operates on a separate virtual interface. Even if the guest is infected with a virus, they won't be able to transmit it to your computer because the router blocks communication between network segments.
You can set restrictions for the guest network, such as a speed limit or a time period. For example, the password will only be valid from 6:00 PM to 11:00 PM. If someone tries to connect outside of these hours, the router will reject the connection. This is the ideal way to control access without permanent blocking.
If you detect suspicious activity in the guest segment, you can simply disable this feature with a single click, without affecting your primary devices. This provides an additional level of security and ease of access management.
Hidden SSIDs and Disabling WPS
One of the common security holes is the function WPS (Wi-Fi Protected Setup). It's designed to quickly connect devices with the push of a button, but it has critical vulnerabilities. Hackers can guess the WPS PIN and gain full access to your network without even knowing the master password.
First of all, go to your wireless network settings and find the item WPSMake sure this feature is completely disabled. While this loophole is open, any other security measures may be useless against automated brute-force attacks. Disabling WPS is a must for a secure network.
An additional stealth measure is to disable network name broadcasting (Hide SSID). If this feature is enabled, your network won't appear on the list of available Wi-Fi networks of your neighbors or passersby. To connect, you'll have to manually enter the network name and password on each new device.
⚠️ Warning: Hiding your SSID is not a reliable security method. Specialized scanners can easily detect hidden networks. Use this feature only as a supplemental measure, not as your primary defense.
The combination of disabled WPS and a complex password creates a serious barrier to most potential intruders. Don't rely on "security by obscurity," but use SSID hiding to reduce the number of automatic connection requests from unauthorized devices.
Updating the router firmware
Router manufacturers regularly release software updates (firmware), which fix identified security vulnerabilities. If you're using an older firmware version, your router may be vulnerable to known exploits that allow you to bypass Wi-Fi security.
Check your software version in the "System Tools" or "Administration" section. Often, the router can check for updates automatically by pressing a button. Check for UpdatesIf the automatic check doesn't work, visit the manufacturer's official website, find your model, and download the latest firmware file.
The update process requires caution. Do not interrupt the router's power while the new data is being transferred, otherwise the device may become bricked. All settings are usually saved after the update, but it is recommended to review them, especially security settings and passwords.
Modern router models such as Keenetic, Asus with AiProtection support or MikroTik, have built-in security systems that update automatically. If your router supports these features, be sure to enable them to continuously monitor network activity.
Frequently Asked Questions (FAQ)
Can my neighbor find out my Wi-Fi password?
Yes, if the password is simple or uses outdated WEP encryption. The password can also be discovered through the WPS function or if it was saved on a friend's device that the neighbor has access to. Use complex passwords and disable WPS.
Does the router owner see what websites I visit?
The router owner (administrator) can see a list of domains (e.g., youtube.com) you've accessed through the system logs. However, they won't be able to see the contents of your conversations or passwords on HTTPS websites, as this traffic is encrypted.
What should I do if I forgot my router admin password?
If the default password (admin/admin) has been changed and forgotten, the only way to regain access is to perform a reset. To do this, press and hold the Reset button on the router for 10-15 seconds. This will reset the router to factory settings, and the password will return to the default one (found on the sticker on the bottom).
Is MAC address blocking 100% reliable?
No, it's not 100% reliable. A MAC address can be spoofed (cloned) if an attacker knows the address of an authorized device. However, this method, combined with a strong password, is sufficient for protecting against regular users and neighbors.