How to Make a Closed Wi-Fi Network: Complete Protection from Neighbors and Hackers

An open Wi-Fi network is like an unlocked door to your home: anyone can come in, use your internet, or even steal your data. Statistics show Kaspersky Lab, 38% of home networks in Russia remain vulnerable due to basic configuration errors. Blocking Wi-Fi access isn't just a matter of saving data, but protection of personal information, banking transactions and smart devices from cyber threats.

In this article you will find current methods for 2026 For complete isolation of your network: from choosing the right encryption to hiding SSIDs and blocking devices by MAC addresses. We'll walk you through the settings using examples of popular routers (TP-Link, ASUS, Keenetic, MikroTik), and we'll also tell you how to check if strangers have connected to your network. If you're using provider equipment (for example, from Rostelecom or Beeline), the instructions will also work - the interfaces of most devices are unified.

Important: Even a hidden network with a password can be hacked in 10 minutes if the outdated WEP protocol or a weak password like "12345678" is used.We'll show you how to avoid these mistakes and make your network truly secure.

1. Why Open Wi-Fi Is Dangerous: Real Risks

Many users think, "So what, let my neighbors use my internet—I don't mind." In reality, the consequences can be much more serious:

  • 🔴 Identity theft: Through vulnerabilities in the router, hackers can intercept logins and passwords for social networks, email, or banks.
  • 🔴 Legal liability: If your IP is used to distribute pirated content or carry out cyber attacks, you will be held accountable.
  • 🔴 Network slowdown: each additional user takes up to 30% of the speed, especially when torrents or streaming.
  • 🔴 Hacking IoT devices: smart bulbs, cameras or speakers (Xiaomi, Amazon Echo) become a tasty target for botnets.

In 2026 Group-IB recorded a 42% increase in attacks on home routers—criminals are exploiting firmware vulnerabilities and weak passwords. For example, a botnet Mirai infects devices through open ports Telnet or SSHand then uses them for DDoS attacks. Even if you don't store any sensitive data, your router could become part of such a network.

⚠️ Attention: Providers often set default passwords on routers (for example, admin/admin or 1234). These combinations are the first thing hackers check. Always change the default logins!

2. Basic protection: choosing encryption and password

The first step to a closed network is proper encryption. Current standards:

Protocol Security level Speed ​​of work Device support
WPA3-Personal ⭐⭐⭐⭐⭐ High Devices after 2019
WPA2-PSK (AES) ⭐⭐⭐⭐ Average All devices
WPA2-PSK (TKIP) ⭐⭐ Low Obsolete devices
WEP ⭐ (hacked in minutes) Low Devices before 2006

The optimal choice is WPA3-Personal (if supported by the router) or WPA2-PSK (AES). Avoid WEP And WPA - hacking them takes less than 5 minutes using programs like Aircrack-ng.

Password requirements:

  • 🔐 Length not less than 12 characters (preferably 16+).
  • 🔐 A combination of letters (upper and lower case), numbers and symbols (!@#$%).
  • 🔐 Exclude words, names, and dates of birth from your dictionary.
  • 🔐 Don't use the same passwords for your Wi-Fi and router admin panel.

Example of a strong password: kL9#pR2@xQ!7vB4*To avoid forgetting, write it down in a password manager (KeePass, 1Password) or on paper (but not on the router itself!).

📊 What encryption protocol does your Wi-Fi use?
WPA3
WPA2 (AES)
WPA2 (TKIP)
WEP
Don't know

3. Hiding SSID: Pros and Cons

Hiding the network name (SSID) is a controversial security method. On the one hand, your Wi-Fi won't appear in the list of available networks, making it difficult for casual users to connect. On the other hand, experienced hackers can easily find a hidden network using traffic analyzers (Wireshark, inSSIDer).

How to hide SSID:

  1. Go to your router's control panel (usually at 192.168.0.1 or 192.168.1.1).
  2. Go to the section Wi-Fi → Basic Settings (the name may differ).
  3. Find the option Hide SSID (or Hide SSID, Enable Hidden Wireless) and turn it on.
  4. Save the settings and reboot the router.

After hiding, you will have to connect to the network manually by specifying the name (SSID) and password. Windows this is done through Control Panel → Network and Internet → Manage networks, on Android/iOS — in the Wi-Fi settings (option "Add network").

⚠️ Note: Hiding the SSID does not replace encryption! It's an additional measure that will only complicate things for inexperienced users. Always use it in conjunction with WPA3/WPA2 and a complex password.

4. MAC address filtering: how it works and is it worth using?

Filter by MAC addresses Allows you to restrict connections to specific devices. Each network device (smartphone, laptop, TV) has a unique MAC address that can be added to the router's "whitelist."

How to set up filtering:

  1. Find out the MAC addresses of your devices:
    • On Windows: ipconfig /all in the command line.
    • On Android: Settings → About phone → General information → Wi-Fi MAC address.
    • On iOS: Settings → General → About → Wi-Fi Address.
  • Find the section in the router panel Wireless Mode → MAC Filter.
  • Select mode Allow only specified (or Allow).
  • Add the MAC addresses of your devices and save the settings.
  • Advantages of the method:

    • ✅ Additional layer of protection.
    • ✅ Control over connected devices.

    Cons:

    • ❌ MAC addresses can be spoofed (MAC-spoofing).
    • ❌ It is inconvenient to add new devices (for example, for guests).
    • ❌ Does not protect against attacks on the router firmware level.

    MAC filtering is useful in conjunction with other methods, but not as a standalone solution. For example, in offices, it is combined with 802.1X- authentication (via Radius server).

    How to bypass MAC filtering?

    Hackers use programs like Technitium MAC Address Changerto spoof your device's MAC address with an authorized one. Therefore, this method is not reliable protection against targeted attacks.

    5. Disabling WPS and other vulnerable functions

    WPS (Wi-Fi Protected Setup) WPS is a feature for quickly connecting devices using a PIN code or a push-button. The problem is that an 8-digit PIN can be cracked in a few hours (and sometimes even minutes) using brute-force attacks. Even if you don't actively use WPS, the feature may be enabled by default.

    How to disable WPS:

    • Find the section in the router panel Wi-Fi → WPS or Wireless Mode → QSS.
    • Disable the option (usually a switch) Disable WPS).
    • If there is a separate WPS button on the router body, it should also be deactivated.

    Other dangerous features to disable:

    • 🚫 UPnP (Universal Plug and Play) - opens ports automatically, which can be used by malware.
    • 🚫 Remote control — allows you to configure the router from the Internet (risk of hacking).
    • 🚫 Telnet/SSH - If you don't use them, close these ports (23 And 22).

    On routers ASUS And Keenetic These settings are usually located in the section Administration → System or Security → Firewall.

    ⚠️ Please note: Some providers (eg. MTS or Third Transport Ring) may require UPnP to be enabled for IPTV or VoIP. In this case, restrict its operation to trusted devices only.

    6. Additional measures: guest network, VPN and monitoring

    Even with a closed main network, it is useful to set up guest Wi-FiThis is an isolated network with a separate password, which:

    • 🔒 Does not provide access to local resources (printers, NAS, smart devices).
    • 🔒 Limits the speed (you can select, for example, 10 Mbps from 100).
    • 🔒 Automatically turns off according to a schedule (for example, at night).

    How to set up a guest network using an example TP-Link:

    1. Go to Guest network (or Guest Network).
    2. Enable the option and specify a name (eg. MyGuestWiFi).
    3. Set a separate password (not the same as the main network!).
    4. Limit working hours (optional) Schedule).
    5. Tick ​​the box Isolate guests (Enable AP Isolation).

    For maximum protection, consider using Router-level VPNThis encrypts all traffic, including smart devices that don't natively support VPN. Popular solutions:

    • 🌍 OpenVPN (free, but requires setup).
    • 🌍 NordVPN or Surfshark (paid, but with ready-made configurations for routers).

    Finally, regularly check connected devicesThere is a section in the router panel DHCP clients or Connected devices, where all active MAC and IP addresses are visible. Unknown devices can be blocked or the network password can be changed.

    ☑️ Wi-Fi Security Check

    Completed: 0 / 6

    7. Firmware update: why it's critical

    Manufacturers regularly release firmware updates that patch vulnerabilities. For example, in 2026, a critical flaw was discovered. CVE-2026-30078 in routers D-Link And Netgear, allowing hackers to execute arbitrary code. If you don't update your firmware, your network remains vulnerable, even with the strongest password.

    How to update firmware:

    1. Find out the router model (usually indicated on the sticker at the bottom).
    2. Download the latest firmware from the manufacturer's official website (do not use third-party sources!).
    3. Find the section in the router panel Administration → Software Update.
    4. Download the firmware file and wait for the process to complete (do not turn off the router!).

    On some routers (Keenetic, ASUS) There's an automatic update feature—enable it. If your router is older than 5 years and the manufacturer no longer releases updates, consider buying a new one (recommended 2026 models: ASUS RT-AX88U Pro, TP-Link Archer AXE300, Keenetic Ultra).

    ⚠️ Attention: Before updating the firmware, make a backup copy of the router settings (section Administration → Backup/Restore). In case of failure, you can restore the configuration.

    8. Checking the network for leaks and hacking

    How can you be sure your network is truly secure? Conduct an audit:

    1. Network scanning:
      • Use programs Wireshark (for PC) or Fing (for smartphones) to see all connected devices.
      • Compare the list with your gadgets - unfamiliar MAC addresses indicate a hack.
    2. Vulnerability test:
      • Service GRC ShieldsUP! (grc.com) checks open ports of the router.
      • Utility RouterPassView (from NirSoft) shows weak passwords by default.
  • Traffic monitoring:
    • In the router panel, look at the traffic usage graphs (section Statistics or Monitoring).
    • Sharp surges during non-working hours may indicate an unauthorized connection.

    If you detect suspicious activity:

    • 🔧 Immediately change your Wi-Fi password and router admin panel password.
    • 🔧 Check your router for malware (for example, using Dr.Web CureIt!).
    • 🔧 Reset your router to factory settings (button Reset on the back panel) and reconfigure.

    For advanced users: customize notification system about new connections. For example, on routers with firmware DD-WRT or OpenWRT You can set up email/SMS sending when a new device appears on the network.

    FAQ: Frequently asked questions about shutting down a Wi-Fi network

    Is it possible to close Wi-Fi for only certain devices?

    Yes, using MAC address filtering (Section 4). Add the addresses of devices you want to block to the "blacklist." An alternative is to use VLAN (virtual networks) on advanced routers (MikroTik, Ubiquiti), but this requires deep knowledge of network technologies.

    How do I disable Wi-Fi on a router from a provider (for example, Rostelecom)?

    Interface of provider routers (Sagemcom, Sercomm) is often simplified, but the basic settings are the same:

    1. Go to the panel at the address 192.168.0.1 (logins usually admin/admin or indicated on the sticker).
    2. Go to Wi-Fi → Security and select WPA2-PSK (AES).
    3. In the section Additional settings Disable WPS.

    If you don't have enough options, ask your provider to replace your router with a model that allows full access to settings.

    Should I use WPA3 if not all my devices support it?

    WPA3 is backward compatible with WPA2, so you can enable it mixed mode (WPA2/WPA3-Personal). Devices that don't support WPA3 will connect using WPA2, while others will use a more secure protocol. The main thing is that your router supports this mode (check in the settings section). Wi-Fi → Security).

    How to turn off Wi-Fi for a while (for example, at night)?

    Use the function Wi-Fi schedule (or Wireless Schedule) in the router settings. Specify the days and hours when the network should be disabled. An alternative is "parental controls" (Parental Controls), where you can block Internet access on a schedule for all or individual devices.

    What should I do if my neighbor hacked my Wi-Fi and refuses to disconnect?

    Sequence of actions:

    1. Change your Wi-Fi and router admin panel password to complex combinations.
    2. Enable MAC address filtering (section 4).
    3. Disable WPS and update firmware.
    4. If your neighbor continues to connect, contact your provider and report unauthorized access. As a last resort, you can file a police report under Article 272 of the Russian Criminal Code ("Unauthorized access to computer information").