How to Find Out Who's Connected to Your TP-Link Wi-Fi Router—and Disable Unwanted Users

Have you noticed your internet has slowed down even though you haven't changed your plan? Or maybe it's your router? TP-Link Has your device suddenly started overheating for no apparent reason? It's likely that unauthorized devices have connected to your network—neighbors, guests who forgot to disconnect, or even hackers exploiting vulnerabilities in old firmware. According to Kaspersky LabEvery fifth router in Russia has weak passwords, making it an easy target for unauthorized access.

In this article you will learn how check the list of connected devices on routers TP-Link (including models Archer C6, TL-WR841N, Deco M4 and others), identify other people's gadgets among them and disable them permanently — both through the web interface and using a mobile application TetherWe'll also look at why standard blocking methods sometimes don't work, and what to do if an attacker uses MAC address spoofing.

Important: If you have never changed your Wi-Fi password since purchasing the router, first Go to the section on changing your password - this will solve 90% of problems with third-party connections.

To see a list of connected devices, you first need to access the router's control panel. To do this:

  1. Connect to the network router - via Wi-Fi or cable LAN.
  2. Open any browser (Chrome, Edge, Firefox) and enter one of the IP addresses in the address bar:
    • 192.168.0.1 (the most common for TP-Link)
    • 192.168.1.1 (alternative option)
    • tplinkwifi.net (if the IP does not work)
  • Enter your login and password. The default is:
    • Login: admin
    • Password: admin or an empty field (depending on the model)
    • ⚠️ Attention: If you haven't changed your login information, anyone who connects to your Wi-Fi will be able to access your router settings! Change them immediately after your first login..

    If the IP address does not open:

    • 🔌 Check if you are connected to the router's network (indicator Wi-Fi or LAN should burn).
    • 🖥️ On Windows: Open Command line (Win + R → cmd) and enter ipconfig. Look for the line Main gateway - this is the IP of your router.
    • 📱 On Android/iOS: Use the app Fing or Wi-Fi Analyzer to scan the network.
    📊 How do you usually access your router settings?
    Via 192.168.0.1
    Via tplinkwifi.net
    I use the Tether app
    I don't know how to log in

    After logging into the control panel, find the section with the device list. Its location depends on the firmware version:

    Firmware version Path to the list of devices What does the section look like?
    Old (blue) DHCP → DHCP Clients List Table with IP, MAC addresses and host names
    New (green) Basic Setup → Clients List with device icons and connection time
    Deco (Mesh) Devices → Connected devices Interactive network diagram with gadget types

    In the list you will see:

    • 🖥️ Device name (if it is broadcast - for example, iPhone-12-Pro or DESKTOP-ABC123).
    • 🔢 MAC address (unique species identifier 00:1A:2B:3C:4D:5E).
    • 📡 IP address (local, for example 192.168.0.101).
    • ⏱️ Connection time (helps identify "night" traffic thieves).

    How to distinguish your device from someone else's?

    • 📱 Check the MAC addresses of your gadgets:
      • On Windows: ipconfig /all → line Physical address.
      • On Android: Settings → About phone → General information → Wi-Fi MAC address.
      • On iPhone: Settings → Wi-Fi → (i) next to the network → MAC address.
    • 🔍 Unknown devices often have:
      • Strange names (eg. android_123456 or esp_8266 - it could be a neighbor's smart light bulb).
      • MAC addresses with prefixes Xiaomi, TP-LINK, ESPRESSIF (if you don't have such devices).

    Compare MAC addresses with your gadgets|

    Check the connection time (night hours are a sign of a thief)|

    Watch out for unusual hostnames|

    Try turning off the device and see the reaction (has the Internet become faster?)

    -->

    If you find a suspicious device, you can block it in several ways. Choose the method based on the situation:

    Method 1: Blocking via MAC filtering (permanently)

    This is the most secure method, as it locks the device using its unique ID. Instructions:

    1. Go to Advanced Settings → Wireless → MAC Filtering.
    2. Select mode Blacklist (or Deny (in the English version).
    3. Add the MAC address of someone else's device (for example, 00:1A:2B:3C:4D:5E).
    4. Save the settings and reboot the router.

    Method 2: Quick Disconnection via Client List

    If you need to quickly "kick out" a device without permanent blocking:

    • In the list of connected devices (DHCP Clients List) find someone else's gadget.
    • Click the button Disconnect or Disable (if there is one).
    • ⚠️ Attention: This method is temporary! The device will be able to connect again if it knows the Wi-Fi password. Use this for testing purposes only.

    Method 3: Change your Wi-Fi password (radical method)

    If you have a lot of unwanted devices or you're not sure which ones are yours:

    1. Go to Basic Setup → Wireless Mode.
    2. In the field Wi-Fi password Enter a new key (at least 12 characters, with numbers and special characters).
    3. Save the settings. All devices will be disconnected, including yours—they will need to be reconnected.

    4. Why someone else's device is returned: bypassing blocking

    Sometimes, even after blocking the MAC address or changing the password, a third-party device reappears online. Causes and solutions:

    Problem Cause Solution
    The device connects despite MAC filtering The attacker spoofed the MAC address (spoofing) Turn on Whitelist (allow only your MAC addresses)
    The password doesn't help Password leakage (for example, through WPS or vulnerability KRACK) Turn it off WPS in the settings and update the firmware
    New unknown devices appear The router is infected with malware (for example, VPNFilter) Reset your router to factory settings and re-flash it.

    Critical vulnerability: If your router supports the feature TP-Link Cloud (remote control), disable it in the section Advanced Settings → Remote ControlIn 2023, more than 200,000 TP-Link devices in Europe were hacked through it.

    If you suspect your router has been hacked:

    • 🔄 Reset it to factory settings (button Reset for 10 seconds).
    • 🔒 Set a new administrator password (not admin!).
    • 📥 Update firmware via System Tools → Firmware Update.

    5. How to protect your router from re-hacking

    Even if you've disabled all unauthorized users, they can return without additional security measures. Follow this checklist:

    Change administrator password (not admin!)|

    Disable WPS (vulnerable to brute force)|

    Enable WPA3 (or WPA2-AES) encryption|

    Update firmware to the latest version|

    Disable Remote Management (TP-Link Cloud)

    -->

    Administrator password (to enter settings) must be different from the Wi-Fi password! Use:

    • 🔐 Minimum 12 characters.
    • 🔢 Numbers, uppercase and lowercase letters, special characters (!@#$%).
    • 🚫 No obvious combinations (123456, qwerty, dates of birth).

    Wi-Fi security settings:

    • 🛡️ Select encryption type: WPA3-Personal (if supported) or WPA2-PSK [AES].
    • 🔄 Turn it off WPS - This function is vulnerable to attacks like Reaver.
    • 📡 Hide network name (SSID) is pointless - it doesn't protect against hacking, but it complicates legitimate connection.
    What is WPS and why should it be disabled?

    WPS (Wi-Fi Protected Setup) is a fast connection technology using a PIN code or a push-button. However, an 8-digit PIN can be cracked in a few hours using brute force. Even if you don't use WPS, leaving it enabled can become a backdoor for hackers.

    6. Alternative methods of connection control

    If your router's web interface seems complicated, try these methods:

    TP-Link Tether mobile app

    Download Tether from App Store or Google Play:

    • 📱 Connect to the router's network.
    • 🔍 In the main menu, select Devices — you will see a list of connected gadgets.
    • ❌ To turn off a device, swipe it to the left and press Block.

    Third-party monitoring programs

    If you need more details (eg traffic consumption):

    • 🖥️ Wireless Network Watcher (Windows) - Scans the network and displays all IP/MAC.
    • 📱 Fing (Android/iOS) — identifies the device manufacturer by MAC address.
    • 📊 GlassWire — tracks which device consumes the most traffic.
    ⚠️ Attention: Apps like Wi-Fi Kill or NetCut, which promise to "kick out" users, often contain malicious code. Don't install them!

    7. What to do if nothing helps

    If foreign devices continue to appear despite all measures:

    1. Check your router for infection.
      • Symptoms: spontaneous reboot, DNS changes, unknown open ports.
      • Solution: reset the settings and re-flash the router (instructions for your model are available on the website) TP-Link).
    2. Use a guest network.
      • Create a separate network for guests in Guest Network → Enable.
      • Limit its speed and access to local devices.
  • Contact your provider.
    • If the hacking occurs repeatedly, the problem may be on the operator's side (for example, a data leak in the personal account).

    Last resort: if the router is old (for example, TP-Link TL-WR740N 2015), its firmware may contain unpatched vulnerabilities. In this case, it is advisable to buy a new model with support WPA3 (For example, Archer AX21).

    Frequently Asked Questions (FAQ)

    Is it possible to find out which device is connected by its MAC address?

    Yes, the first 6 characters of the MAC address (the prefix) indicate the manufacturer. For example:

    • 28:CF:DAApple (iPhone, MacBook).
    • 78:31:C1Xiaomi (smartphones, smart devices).
    • 00:0E:8ETP-Link (repeaters, cameras).

    The full list of prefixes can be found on the website MAC Vendors.

    What should I do if my router doesn't show a list of connected devices?

    Possible reasons:

    • Outdated firmware - update it.
    • Disabled DHCP server - check in Network → DHCP.
    • Router in mode bridge or repeater — the list of clients may not be displayed.
    How to permanently block a device if it changes its MAC address?

    Use a combination of methods:

    1. Turn on MAC address whitelist and add only your devices there.
    2. Change your Wi-Fi password to a complex one (16+ characters).
    3. Set up Static DHCP lease for your gadgets (so that others cannot obtain the IP).

    If the attacker uses spoofing (MAC spoofing), only physical isolation of the network will help (for example, switching to a wired connection for critical devices).

    Can my neighbor connect to my Wi-Fi if I hide the SSID?

    Hiding the network name (SSID) does not protect against connection! An attacker can:

    • See the network by scanning the air (programs like Airodump-ng).
    • Connect manually knowing BSSID (MAC address of the router).

    Hiding your SSID only complicates things for legitimate users. It's better to spend time setting it up. WPA3 And MAC filtering.

    How can you tell if your router is hacked and not just glitching?

    Signs of hacking:

    • 🔄 The router reboots according to a schedule (for example, every day at 3:00).
    • 📡 Unknown rules have appeared in the settings Port Forwarding or changed DNS servers.
    • 🖥️ The list of connected devices includes gadgets with MAC addresses from China/Russia (if you didn't buy them).
    • 📈 Traffic is consumed even when all your devices are turned off.

    In this case You need to reset the router to factory settings and update the firmware.