It's quite common for unauthorized devices to connect to your wireless network. This could happen because your neighbors have discovered your password, or because you once shared access and now want to restrict it. Close public access — this is the first thing you need to do to ensure the security of your personal data and stable internet speed.
Unauthorized use of your connection not only slows down page loading speeds but also creates the risk of information leakage. Attackers who gain access to your local network may attempt to intercept traffic or access shared folders on your computer. This is why administration Connected devices is a critical skill for any router owner.
In this article, we'll walk you through specific steps that will allow you to instantly disconnect uninvited guests and prevent them from reconnecting. You'll learn how to change key security settings, configure filtering, and create an isolated environment for visitors. The process doesn't require extensive programming knowledge, but it does require careful adjustments in the router interface.
Signs of unauthorized network access
Before you begin setting up restrictions, it's worth making sure the problem actually exists. Users often suspect their neighbors of stealing their data when speeds drop due to bandwidth congestion or provider issues. However, there are clear indicators that public access used by outsiders.
Pay attention to the indicators on your router. If the WLAN or Wi-Fi light is flashing rapidly when all your devices are off or in sleep mode, this is a warning sign. Another sign could be a sharp drop in internet speed in the evening, when the ISP's network load is typically high, but not to the point of completely blocking service.
The most reliable diagnostic method is to log into your router's control panel. In the connected clients section (often called Attached Devices, Client List or DHCP Client List) a list of all active devices is displayed. If you see unknown names there, such as Xiaomi_tv or Unknown_device, which are not in your home, then access is open.
⚠️ Warning: Some devices may appear under strange names or MAC addresses belonging to chip manufacturers, not gadget brands. Don't rush to block a device unless you're 100% sure it belongs to someone else.
For precise identification, check the MAC addresses. They are unique to each network interface and are usually listed on a sticker under the casing of your smartphone, laptop, or TV. If there's an address on the list that you can't find a match for among your devices, it's the intruder using yours. Wi-Fi channel.
Basic password and encryption type change
The most effective and radical method for removing shared access is to change the password for your wireless network. After doing this, all connected devices will be disconnected and will need to enter the new key to reconnect. This ensures that even if someone has saved your old password, they will no longer be able to use it.
To perform this procedure, you need to log into the router's web interface. This is usually done by entering the IP address (often 192.168.0.1 or 192.168.1.1) in the browser's address bar. After logging in (the login and password are often listed on the bottom of the device), go to the wireless mode section or Wireless Settings.
In the security settings, find the field for entering a new password (Pre-Shared Key). It is crucial to select the correct encryption type. The standard nowadays is WPA2-PSK or newer WPA3Using the outdated WEP protocol or an open network (Open) renders your password useless, as such protections are easily bypassed by specialized utilities in a matter of seconds.
Create a complex password. The password must contain at least 12 characters, including uppercase and lowercase letters, numbers, and special characters. Avoid obvious combinations like your date of birth or phone number. After saving the settings, the router may reboot, and you will need to reconnect your devices using the new key.
| Encryption type | Security | Compatibility | Recommendation |
|---|---|---|---|
| Open / None | Absent | 100% | Do not use |
| WEP | Critically low | High | Forbidden |
| WPA-PSK (TKIP) | Low | Average | Not recommended |
| WPA2-PSK (AES) | High | High | Recommended |
| WPA3-SAE | Maximum | Medium (new devices) | Optimal |
Setting up MAC address filtering
If you don't want to change your password and reconnect all your devices, you can use a more sophisticated tool: MAC address filtering. This feature allows you to create a "whitelist" or "blacklist" of devices based on their unique physical addresses. It's a powerful way to restrict access without changing the security key.
There are two filtering modes. The first is "Allow" (Allow/Whitelist). In this mode, only devices whose MAC addresses are included in the list can connect to the network. All others, even with the password, will be blocked. This is the most stringent security option.
☑️ Setting up a whitelist
The second mode is "Deny/Blacklist." Here, you enter the addresses of specific intruders, and the router blocks them. This method is convenient if you need to quickly remove a specific neighbor, but it is less reliable, as the MAC address on many devices can be spoofed (cloned).
To configure, find the section Wireless MAC Filtering or Access ControlFirst, you'll need to find the MAC addresses of all your devices. You can do this in your phone's settings (under "About Phone" or "Status") or by viewing the list of connected clients in your router; currently, only your devices are listed there. Add them to the rules table and enable filtering.
⚠️ Caution: Be extremely careful when enabling "Allow only listed" mode. If you forget to enter the MAC address of the device you're configuring the router from, you'll lose access to its interface and will have to perform a hard reset using the button on the router.
Using a guest network for isolation
Modern routers such as TP-Link Archer, ASUS RT or Keenetic, have a guest network feature. This is the ideal solution if you need to provide internet access to friends or tenants, but want to prevent them from accessing your main resources.
A guest network creates a virtual Wi-Fi segment with a separate name (SSID) and password. The main advantage of this technology is isolation. Devices connected to the guest channel have internet access but cannot see other devices on the local network, your shared folders, printers, and, most importantly, the router's control panel.
You can configure this in the section Guest NetworkYou can set a separate password, limit the speed for guests, or even set access time limits (for example, the network is only available from 10:00 AM to 10:00 PM). This allows you to keep your main network "sterile" and closed to outsiders.
What is the technical difference between the main and guest networks?
The guest network operates at the VLAN level or uses firewall rules to block traffic between interfaces. Data packets from guest clients are simply not routed to the LAN ports or the main wireless interface.
It's recommended to always keep the guest network enabled for visitors. This eliminates the need to share the master password with them. If you suspect guest access is being abused, you can easily change the guest-only password or disable this feature with a single click, without affecting your smart lights and TVs.
Hiding the network name (SSID) as a security method
Another method often recommended for increasing network privacy is disabling SSID Broadcast. When this feature is disabled, your Wi-Fi will no longer appear in the list of available networks on your neighbors' phones and laptops.
However, it's important to understand that this isn't a complete security measure. An experienced user or hacker can easily detect a hidden network using traffic analyzers, as devices still send service packets. However, this method is quite effective for protecting against random connections from nosy neighbors.
To connect to a hidden network, you'll need to manually create a new connection profile on each device, entering the exact network name (case-sensitive) and password. This can be a bit inconvenient when you have guests over, but it significantly reduces the visual clutter in the list of available networks.
You can find this option in the main wireless settings. Look for the item Enable SSID Broadcast or Network visibility and uncheck the box. The network will then disappear from the list but will continue to run in the background.
Disabling WPS to prevent hacking
WPS (Wi-Fi Protected Setup) technology is designed to simplify connecting devices without entering a lengthy password, typically by pressing a button on the router or entering a PIN. However, this very feature is one of the biggest security holes in home networks.
The problem is that the WPS PIN is only 8 digits long and can be brute-forced in a matter of hours or even minutes. If WPS is enabled on your router, an attacker can access your network without even knowing your complex Wi-Fi password.
To remove this vulnerability, you need to find the section WPS in the router menu and completely disable this function. On some models, for example, D-Link or old ones Zyxel, this may be the only way to ensure that access is only possible through standard password authentication.
⚠️ Note: After disabling WPS, you will not be able to connect new devices by pressing the physical button on the router. Connections will have to be made using the standard password.
Also, check to see if the WPS indicator on the front panel of the router is constantly lit. If it's blinking or lit, the feature is active. Disabling WPS is a mandatory step for anyone who wants to ensure the security of their router. encryption.
Frequently Asked Questions (FAQ)
Can my neighbor find out my new password if I just changed it?
If you've changed your password to a strong one and are using WPA2/WPA3 encryption, it's virtually impossible to find it remotely. However, if someone you know has previously accessed your network, they may have saved the password in the cloud (for example, iCloud Keychain or Google Passwords). In this case, the password may be automatically retrieved when their device connects to your network. To be completely sure, not only change the password, but also select the "Disable all clients" option in the router settings before changing the key.
Will the router reset if I lose power during setup?
Typically, changes to settings (password, filtering) are written to non-volatile memory immediately after clicking the "Save" button. A brief power outage after this should not reset the settings. However, if the router is turned off while the data is being written (rare, but it does happen), the settings may revert to the previous ones. It's best to wait until the router has fully booted up after applying the changes.
How do I block a device if I don't know its MAC address but I see it in the list?
In the interface of most modern routers (e.g., Keenetic, TP-Link Tether), there's a "Block" button or a lock icon next to each device in the client list. Clicking it automatically adds the device's MAC address to the Deny List. You don't need to manually enter the numbers.
Does the number of connected devices affect internet speed?
Yes, it does. The Wi-Fi channel is shared among all active users. If 10 devices connect to your network, downloading torrents or watching 4K videos, the speed on your primary device will drop significantly. Limiting access helps preserve network performance for your personal needs.
What should I do if I forgot my router admin panel password?
If you haven't changed the router's password (separate from the Wi-Fi password), try the standard combinations: admin/admin, admin/password, or the ones on the sticker underneath. If the password has been changed and lost, a full reset using the button on the router will help. Afterward, the router will return to factory settings and will need to be configured again.