Stolen Wi-Fi isn't just a loss of internet speed. It's a threat to your data security, the risk of virus infection, and even the possibility of personal information theft. If you notice your internet slowing down for no apparent reason, or unknown devices appearing in your list of connected devices, your network is being used by unauthorized users.
The problem is exacerbated by the fact that many users limit themselves to the default router settings, which are easily bypassed. For example, a factory password like admin or 12345678 It can be hacked in minutes. Even if you set a strong password, scammers can still connect through protocol vulnerabilities. WPS or intercept traffic using outdated encryption standards.
In this article - 9 Proven Ways to Secure Your Wi-Fi, from basic to advanced. You'll learn how to configure your router so that even experienced hackers can't connect to your network, and what to do if a hack has already occurred.
1. Change the default password and network name (SSID)
The first thing attackers check is the router's factory settings. If your network name (SSID) looks like this: TP-Link_1234 or Keenetic-5G, and the password for the control panel is admin, then hacking will take no more than 5 minutes.
How to change password and SSID:
- 🔧 Go to your router's control panel. The address is usually
192.168.0.1or192.168.1.1(indicated on the device sticker). - 🔑 Enter your login and password (default -
admin/adminoradmin/empty). - 📝 Find the section
Wi-Fi(orWireless network) → change network name (SSID) to a unique one, without specifying the router model. - 🔒 In the field
Password(orKey) Set a combination of at least 12 characters, with numbers, letters, and special characters. Example:W7f#k9Lp$2mQ!.
⚠️ Attention: Avoid using personal information (such as your last name, address, or apartment number) in your network name. This makes it easier for hackers to launch targeted attacks.
2. Choose the right encryption standard
Even a complex password is useless if your router uses an outdated encryption protocol. For example, WEP it can be hacked in a few seconds, and WPA (without version specification) has critical vulnerabilities.
Which standard to choose:
- ✅ WPA3-Personal — the most secure today. Supported by modern routers (ASUS RT-AX88U, TP-Link Archer AX6000 and others).
- ⚠️ WPA2-PSK (AES) — reliable, but becoming outdated. If your router doesn't support WPA3, choose this one.
- ❌ WPA/WPA2 Mixed - is dangerous because it allows connection via a vulnerable WPA.
- ❌ WEP or Open network — equivalent to lack of protection.
📌 Where to change: In the router control panel, find the section Wi-Fi Security (or Wireless Security) and select WPA3-Personal or WPA2-PSK [AES].
| Encryption standard | Security level | Speed of work | Support for older devices |
|---|---|---|---|
| WPA3-Personal | ⭐⭐⭐⭐⭐ | High | No (only devices after 2018) |
| WPA2-PSK (AES) | ⭐⭐⭐⭐ | Average | Yes |
| WPA/WPA2 Mixed | ⭐⭐ | Low | Yes |
| WEP | ⭐ | Very low | Yes |
3. Disable WPS – the main loophole for hackers
Technology Wi-Fi Protected Setup (WPS) It was intended to simplify connecting devices using a PIN code or a push-button. However, due to vulnerabilities in the protocol, it has become the primary method for hacking Wi-Fi. A brute-force attack against a PIN code takes several hours to a day, and even a novice can carry it out.
How to disable WPS:
- Go to your router control panel.
- Find the section
WPS(may be calledQSS,Wi-Fi Protected SetuporQuick setup). - Select an option
Disable WPSorDisable. - Save the settings and reboot the router.
⚠️ Attention: On some routers (D-Link DIR-300, Zyxel Keenetic Lite) WPS is enabled by default. If there is no option to disable it, update your device's firmware.
What happens if I don't disable WPS?
Hackers can guess the PIN code even without physical access to the router. Once hacked, they gain full access to the network, can change DNS settings (redirect you to phishing sites), or infect devices with viruses through protocol vulnerabilities. UPnP.
4. Hiding the network (SSID) - does it work or not?
Many users believe that if you hide the network name (Hide SSID), then outsiders won't find it. This is a myth: experienced hackers can easily detect hidden networks using traffic analyzers (Wireshark, Airodump-ng). However, hiding the SSID will make things more difficult for casual "freeloaders".
How to hide a network:
- 🔍 In the router control panel, find the section
Wi-Fi settings. - 👁️ Check the box next to
Hide SSID(orHide SSID). - 🔄 Save the changes and reboot the router.
⚠️ Attention: Once hidden, the network will no longer appear in the list of available networks. To connect, you'll need to manually enter the SSID on each device. This is inconvenient for guests, but it improves security.
5. MAC address filtering: reliable or not?
Filter by MAC addresses Allows you to only allow certain devices to connect. This method is theoretically secure, but in practice, MAC addresses are easy to spoof. However, it will make life difficult for most Wi-Fi thieves.
How to set up filtering:
- Find out the MAC addresses of your devices:
- On Windows: run the command
ipconfig /allVCMDand find the linePhysical address. - On Android:
Settings → About phone → General information → Wi-Fi MAC address. - On iOS:
Settings → Wi-Fi → ⓘ next to the network → MAC address.
- On Windows: run the command
MAC filtering (or MAC Filtering).⚠️ Attention: If you have guests often, this method will create inconvenience. The alternative is to use blacklist (disable specific MAC addresses), but this is less reliable.
Find out the MAC addresses of all your devices|
Enable filtering in router settings|
Add addresses to the whitelist|
Save settings and reboot the router-->
6. IP and DHCP Restrictions: How They Work
Another way to control is to link devices to specific ones. IP addresses. By default, the router distributes IP automatically via DHCP, but you can disable this feature and assign addresses manually.
How to restrict access by IP:
- 📌 In the router panel, find the section
DHCPorLocal Area Network (LAN). - 🔢 Turn off
DHCP server(or set the range of IP addresses to be issued with192.168.0.100to192.168.0.150, to limit the number of connections). - 🖥️ In the section
IP-MAC binding(orARP Binding) create rules for your devices, specifying their MAC and desired IP.
⚠️ Attention: If you disable DHCP, new devices won't be able to connect to the network automatically. You'll have to manually enter the IP address, subnet mask, and gateway on each device.
Important: IP to MAC binding does not protect against experienced hackers, but when combined with other methods, it significantly complicates hacking.
7. Updating your router firmware – why is it critical?
Manufacturers regularly release firmware updates that patch vulnerabilities. If your router is running an older version of the software, it can be hacked through known vulnerabilities (for example, KRACK For WPA2 or vulnerabilities in UPnP).
How to update firmware:
- 🔄 Go to the router control panel → section
SystemorService. - 📥 Find
Firmware update(orFirmware Upgrade). - 🔍 Check the current and available versions. If there is an update, download it from official website manufacturer.
- ⚙️ Upload the firmware file via the web interface and wait for the router to reboot.
⚠️ Attention: Don't interrupt the update process! This may brick your router. If the network doesn't work after the update, perform a factory reset (press the button). Reset for 10 seconds).
What to do if the firmware does not update?
If the router does not find updates automatically:
1. Download the firmware manually from the manufacturer's website (specify the exact model!).
2. Unzip the archive (if necessary) and upload the file via the web interface.
3. For older models (TP-Link TL-WR740N, D-Link DIR-615) firmware may be required via TFTP server.
8. Additional measures: VPN, guest network, and monitoring
Even after all the settings are set up, the risk of hacking remains. To minimize damage, use additional methods:
- 🛡️ VPN on a router: Set up OpenVPN or WireGuard directly on the router (supported) ASUS RT-AC86U, Netgear Nighthawk). This encrypts all traffic, even if the network is hacked.
- 🏠 Guest network: Create a separate network for friends with limited access to local resources (set up in
Guest networkorGuest Network). - 📊 Connection monitoring: Use apps like Fing (Android/iOS) or built-in router tools (
Client list) to track unknown devices. - ⏰ Wi-Fi Schedule: Turn off the network at night or when you are away (setting
ScheduleorWi-Fi Timer).
⚠️ Attention: If you find an unknown device on the network, immediately change your Wi-Fi password and check the router for malware (for example, through Dr.Web CureIt! for routers).
Frequently Asked Questions (FAQ)
Is it possible to find out who is connected to my Wi-Fi?
Yes. Go to the router control panel → section Client list (or Connected Devices, DHCP Clients). Connected devices will be listed there, along with their MAC addresses, IP addresses, and names (if broadcast). Unknown devices can be blocked using MAC filtering.
What should I do if my neighbor has already hacked my Wi-Fi?
Urgently:
- Change your Wi-Fi password and the password for your router's control panel.
- Disable WPS and update firmware.
- Check your DNS settings (they should be your provider's addresses, not third-party ones, like
8.8.8.8or unknown IP). - Reset your router to factory settings (button
Reset) and configure it again.
If the problem persists, contact your provider—it's possible their equipment was hacked.
Does disabling DHCP help against hacking?
No, this doesn't protect against hacking, but it does make it more difficult for unauthorized devices to connect. A skilled hacker can spoof the MAC address and manually assign a static IP address. Use this method in conjunction with others (a strong password, WPA3, or disabling WPS).
Which router is the most secure against hacking?
Among household models, the best protection is offered by:
- ASUS RT-AX88U — WPA3 support, built-in antivirus AiProtection.
- Netgear Nighthawk RAXE500 — hardware encryption, DDoS protection.
- TP-Link Archer AX11000 - regular firmware updates, isolated guest network.
- MikroTik hAP ac³ — advanced filtering settings (for experienced users).
Important: Even the most secure router is vulnerable if not configured correctly.
Can I get my money back if my neighbor stole my Wi-Fi?
Technically, yes, but it's complicated. You need:
- Record the fact of unauthorized connection (screenshots from the router panel, logs).
- Contact your provider with a request to recalculate your traffic (if your tariff is limited).
- If the damage is significant (for example, exceeding the limit by 100+ GB), you can file a lawsuit, but this requires evidence and an expert opinion.
It's easier to prevent a hack than to prove its consequences.