When your internet starts to slow down or you suddenly lose access to your router settings, it's often a sign that your network is being used by unauthorized people. wireless network Not only does it steal your traffic, but it also poses a direct threat to the security of personal data stored on connected devices. Attackers can intercept passwords for banking apps or inject malware into your local network.
Modern routers have a wide range of security features, but many of them are disabled by default or set to a minimum security level for the sake of user convenience. hacker If your phone line is blocked or a nosy neighbor is simply unable to use it, a comprehensive equipment setup is required. This will take no more than 15-20 minutes, but will provide long-term peace of mind.
In this article, we'll explore the most effective methods, from basic password changes to advanced address filtering settings. You'll learn how to spot suspicious activity and block unwanted connections at the hardware level.
Diagnostics: How to detect other people's connections
Before setting up a defense, you need to be sure there's an intruder. The first sign of an intrusion may be a sharp drop in internet speed or a flashing indicator light. WLAN on your router when your devices are inactive. However, relying solely on indirect signs isn't recommended, as speed drops can be caused by issues with your ISP.
The most reliable way is to log into your router's control panel. To do this, enter the gateway's IP address in the browser's address bar, usually 192.168.0.1 or 192.168.1.1After logging in, find a section that may be called Wireless Statistics, Client list or DHCP Client ListThis displays a complete list of devices currently connected to your access point.
⚠️ Warning: If you see a device with an unfamiliar name or MAC address, don't panic. It could be a smart plug, a TV, or a guest's gadget that forgot to turn off. First, check the list against your existing devices.
To automate the process, you can use specialized utilities on your smartphone, such as Fing or Network ScannerThey scan the network and display all active IP addresses, network card manufacturers, and open ports. This allows you to quickly identify, for example, an unknown laptop or someone else's phone.
Basic protection: changing the password and encryption type
The simplest and most effective barrier is a complex password for the wireless network itself. Many users leave the factory settings or use simple combinations like "12345678," which are automatically generated by programs in seconds. Go to the wireless settings (Wireless Settings) and find the field for changing the security key.
It is critical to choose the right encryption algorithm. Outdated standard WEP It's easy to hack, so its use is absolutely unacceptable in modern conditions. The optimal choice is the mode WPA2-PSK (AES) or the newest WPA3, if your hardware and client devices support it.
When creating a new password, follow these digital hygiene rules:
- 🔒 Use at least 12 characters, combining upper and lower case letters.
- 🔢 Be sure to include numbers and special characters (!, @, #, $).
- 🚫 Do not use personal information: dates of birth, pet names, or phone numbers.
After changing the password, all previously connected devices will lose their connection. You'll have to re-enter the new key on every smartphone, tablet, and laptop in your apartment. This is a small price to pay for the assurance that only trusted people have access to the network.
MAC address filtering: whitelists and blacklists
One of the most reliable security measures is the use of MAC filtering. Each network device has a unique physical address (MAC address), which is assigned by the manufacturer and does not change when reconnecting. The router can operate in two modes: allowing connections only to devices on the "White List" or, conversely, blocking specific addresses from the "Black List."
To set up this method, you first need to know the MAC addresses of all your devices. On Windows, this is done via the command line with the command ipconfig /all, and on Android or iOS, you can find the information in the "About phone" or "About this device" section of the Wi-Fi settings. After that, in the router interface (Wireless MAC Filtering) add these addresses to the allowed list and activate the filter.
This method has its own characteristics that are worth considering:
- ✅ High reliability: even if they know the password, an outsider won't be able to connect without an authorized MAC address.
- ❌ Inconvenience: to connect a new guest, you will have to manually enter their address into the router settings each time.
- ⚠️ Vulnerability: A skilled attacker can "clone" the MAC address of your trusted device if they intercept it over the air.
Despite the possibility of bypassing, for home use, enabling the "Whitelist" is an excellent additional security measure in conjunction with a complex password. This creates a double barrier that is virtually impossible for a casual user to overcome.
☑️ Setting up MAC filtering
Hiding the network name (SSID) and disabling WPS
Your network name, or SSID, is broadcast by default, and anyone with a phone will see it in the list of available connections. You can hide the network by selecting the option Disable SSID Broadcast or "Hide Network Name" in the wireless settings. This will remove the network from the general list, and you'll need to manually enter the network name and password on your device to connect.
Another critical vulnerability is the function WPS (Wi-Fi Protected Setup). It's designed to quickly connect devices with the push of a button, but it often contains software vulnerabilities that allow someone to guess the PIN code and gain network access within a few hours. It's recommended to find the "Wi-Fi Protected Setup" section in your router's menu. WPS and completely disable this feature (Disable).
Comparison of protection methods:
| Method of protection | Level of implementation complexity | Efficiency | Ease of use |
|---|---|---|---|
| Complex WPA2/3 password | Short | High | High |
| MAC filtering | Average | Very tall | Low |
| Hiding the SSID | Short | Average | Average |
| Disabling WPS | Short | High | High |
Hiding the SSID isn't a panacea, as professional scanners can still detect hidden networks, but it will deter 95% of casual users looking for "easy" Wi-Fi. Combined with disabling WPS, you eliminate the two most common attack vectors for home networks.
Is it possible to restore access to a hidden network?
Yes, if you know the exact network name (SSID) and password. On Android smartphones, when connecting to a hidden network, you need to select "Add network" and manually enter all the parameters, including the security type.
Setting up a guest network for visitors
If you frequently have guests or rent out your property, giving them access to your main network is unsafe. Modern routers, such as TP-Link Archer, Asus RT or Keenetic, have the "Guest Network" function (Guest Network). This creates a virtual access point with a separate name and password.
The main advantage of guest mode is isolation. Devices connected to guest Wi-Fi only have internet access and are not visible to your computers, network-attached storage (NAS), or printers. You can set speed limits or password expiration times so that access is automatically terminated after guests leave.
To configure, find the item in the menu Guest Network, turn it on and set the parameters:
- 📶 A separate network name (e.g. Home_Guest).
- 🔑 A unique password different from the main one.
- ⏳ Optional access timer (available on advanced models).
Using a guest network segment is a sign of good digital hygiene. Even if a friend's phone is infected with a virus, they won't be able to transfer it to your main computer, as the network segments are logically separated by the router software.
Firmware update and additional measures
A router's software, or firmware, contains not only functionality but also patches for security vulnerabilities. Manufacturers regularly release updates that patch holes through which hackers can gain administrative access to the device. You can check for updates in the section System Tools → Firmware Upgrade.
Don't forget to change the default password for accessing the router settings (admin/admin). If an attacker connects to your network, they can easily access the control panel if you've left the default settings and redirect all traffic to their server. Create a strong password for the administrator account.
⚠️ Note: Router interfaces may vary from manufacturer to manufacturer. The location of menu items such as "Wireless" or "Security" depends on the model and firmware version. If you can't find the option you need, please refer to the official manual for your model.
Rebooting your router regularly is also beneficial: it clears RAM and resets temporary network sessions, which can sometimes help clear stuck connections. However, remember that after a reboot, all settings may revert to their previous state if they aren't saved permanently, so be sure to click the "Save" button (Save) after any changes.
What should I do if my router is old and doesn't support WPA2?
In this case, security is at risk. It's recommended to upgrade your equipment to a modern model, as older encryption protocols (WEP, WPA) can be cracked in minutes using readily available tools.
Frequently Asked Questions (FAQ)
Can my neighbor see what websites I visit if he connects to my Wi-Fi?
If a neighbor simply connects to your network, they won't be able to see your activity in real time without sophisticated traffic sniffing techniques. However, if you use unencrypted protocols (HTTP instead of HTTPS), your data could theoretically be intercepted. Using a VPN completely solves this problem.
Will my router reset if I turn off the power?
No, all changes you confirm with the "Save" or "Apply" buttons are saved to the device's permanent memory. A short power outage or a scheduled shutdown of the router will not reset your security settings, passwords, or filters.
Does the number of connected devices affect internet speed?
Yes, the channel bandwidth is divided among all active users. If several people connect to your Wi-Fi and start watching 4K videos, your device's speed will drop significantly. The maximum number of clients is limited (Max Clients) helps to reserve the resource.
How often should I change my Wi-Fi password?
It's recommended to change your wireless network password every 3-6 months, especially if you suspect you may have shared it with someone. It's also mandatory to change it if you've sold or given away your router, to prevent the new owner from accessing your old settings.