Many people are familiar with the situation when the internet starts to slow down and unfamiliar devices appear in the list of connected devices. This is a sure sign that an unauthorized user has connected to your network and is stealing traffic. Often, router owners are unaware that their password has been compromised or stolen through WPS vulnerabilities. Blocking uninvited guests becomes a top priority to restore normal speed and security of personal data.
Modern routers offer powerful administration tools that allow you to control every device on your network. You don't need to be an IT professional to take advantage of this feature. MAC filtering or blacklist. All you need is access to your router's web interface and follow the instructions carefully. In this article, we'll cover all the current methods for restricting a specific person's access to your Wi-Fi, regardless of your router model.
Before taking any action, it's important to understand who exactly you're blocking. Blindly disabling devices could leave your smart lights or TV without internet. Therefore, the first step should always begin with a thorough investigation. connection diagnostics and address identification. Only after confirming the device's authenticity can strict measures be taken to isolate it from the network.
How to identify a rogue device on your network
The first step in protection is detecting the intruder. Most modern routers have built-in functionality that displays a list of all active clients. Log into the router's admin panel, usually accessible at 192.168.0.1 or 192.168.1.1, and find the section with the wireless network status. Here you will see a list of devices, their IP addresses, and unique identifiers. MAC addresses.
Compare the list with your existing gadgets. Manufacturers often retain part of the brand name in the device name, for example, Samsung, Apple or XiaomiIf you see a device named "Unknown" or a brand you don't know, this is cause for concern. Also, pay attention to data transfer activity: if an unknown device is actively downloading or uploading data while you're sleeping, this is a clear sign of unauthorized access.
For a more in-depth analysis, you can use specialized network scanners on your smartphone, such as Fing or Network ScannerThese apps display not only the MAC address but also the device's network card manufacturer, which helps more accurately identify the source of the problem. If, after checking all your devices, an "unnecessary" client remains in the list, you should immediately block it.
⚠️ Note: Some devices may hide their real name, appearing as "Android" or "Linux." In these cases, rely solely on the MAC address and the time the device first appeared online.
What is a MAC address and why is it needed for blocking?
The basis of any blocking on a local network is the MAC address. This is a unique identifier assigned to a device's network interface during manufacturing. Unlike an IP address, which can change dynamically with each connection, MAC address remains constant (except when using randomization features in newer versions of iOS and Android). This is why MAC filtering is the most reliable access control method.
The MAC address format is a 12-character hexadecimal string separated by colons or hyphens, for example: 00:1A:2B:3C:4D:5EThe first three pairs of characters typically identify the equipment manufacturer (OUI), which helps identify the type of device connected. The remaining characters are the unique serial number of the interface. The router uses this address to route data packets within the local network.
Is it possible to spoof a MAC address?
Yes, a technically savvy user can clone the MAC address of your trusted device onto their own. However, for simple "neighborly Wi-Fi theft," this is too complex a manipulation, and standard blocking will suffice.
It's important to understand that MAC address blocking works at the hardware level. When the router receives a connection request from a device with a prohibited identifier, it simply ignores it, even if the attacker has the correct Wi-Fi password. This creates an effective barrier that cannot be bypassed without physical access to the router's settings.
Instructions: Blocking via the router's web interface
The most universal way to restrict access is to use the router's built-in management interface. Interfaces vary from manufacturer to manufacturer (TP-Link, ASUS, D-Link, Keenetic) may differ visually, but the logic remains the same. You'll need to copy the MAC address of the intruder you identified in the previous step and add it to the blocked list.
Typically the path to the settings looks like this: go to the section Wireless (Wireless mode), then find the subsection Wireless MAC Filtering (MAC Address Filtering) On some models, this feature may be located in the Security (Security) or Access Control (Access Control). Activate the filtering feature if it is disabled by default.
☑️ Blocking algorithm
Next, select the filter mode. You'll need either "Deny" or "Blacklist." This means all devices except those on the list will be allowed access, or (depending on the router's logic) only those added to the list will be blocked. Add the MAC address of the offending device to the rules table, give it a descriptive name (e.g., "Neighbor_Phone"), and click the button. Save or Apply. Once the settings are applied, the device will immediately turn off.
Below is a table with sample settings paths for popular router brands to help you navigate:
Router brand
Menu section
Function name
Filter mode
TP-Link
Wireless -> Wireless MAC Filtering
Enable / Add New
Deny
ASUS
Wireless -> MAC Address Filter
Turn MAC Filter ON
Deny Mode
D-Link
Setup -> Wireless Filter
Turn MAC Filtering On
Deny
Keenetic
My Networks and Wi-Fi -> Client List
Block
Blacklist
Blocking via the manufacturer's mobile app
Owners of modern routers can often manage access much faster through the official mobile app. Manufacturers like TP-Link (Tether), Keenetic, Xiaomi (Mi Home) And ASUS (Router) We've moved security features to the main screen. This allows you to block an intruder with just one click, from anywhere in the world with internet access.
The process is intuitive: open the app, go to the list of connected clients (often called "Clients" or "Devices"). Find the unknown device in the list. Clicking on it usually opens detailed information, which includes a "Block" button or a lock icon. After confirming the action, the router will automatically create a filtering rule for this MAC address.
The advantage of mobile management lies in notifications. Many apps can send push notifications whenever a new device connects to the network. This allows you to respond to an intrusion immediately, even before the attacker has time to download a large amount of data. Furthermore, it's easier to rename devices in apps to avoid confusion in the future.
⚠️ Note: Mobile app functionality depends on your router's firmware version. If you don't see the button you need, check for updates for your router in the app settings.
Radical method: changing the password and network name
If you don't want to mess with MAC filters or suspect your password may have been more seriously compromised, the most effective method is to completely change your access key. Changing your Wi-Fi password automatically disables all devices, including your own. This ensures that no previously connected device can access the network without re-authorization.
Create a complex password using a combination of uppercase and lowercase letters, numbers, and special characters. Avoid obvious combinations like your date of birth or phone number. It's also recommended to change the network name (SSID) to prevent neighbors from trying to connect to a familiar name, thinking the password is the same. After changing the settings, you'll have to reconnect all your devices, entering the new password.
This method is especially effective if you are using an encryption protocol. WPA3 or WPA2-PSKOutdated protocols like WEP don't provide adequate security, making changing your password ineffective in the long run. Make sure WPA2/WPA3 Personal is selected in your wireless settings.
Additional measures to protect your Wi-Fi network
Blocking alone isn't enough to feel completely secure. There are a number of additional settings that can make life more difficult for potential hackers. First, disable this feature. WPS (Wi-Fi Protected Setup). This technology, which allows connection by pressing a button or using a PIN code, has known vulnerabilities that make it possible to guess the password in a matter of hours.
It's also worth paying attention to signal strength. If you live in a private home or your Wi-Fi signal extends far beyond your apartment, it might be a good idea to reduce the transmitter power in your router settings. This will reduce the coverage area, making it physically impossible to pick up a signal from the street or from distant neighbors. Furthermore, regular updates router firmware closes security holes that hackers can exploit.
Don't forget about your guest network. This is an isolated segment of your network that doesn't have access to your main devices (printers, NAS storage, smart home devices). Share the guest network password with friends and acquaintances. Even if they lose their phone or share the password with others, your main network will remain secure.
How often should I change my Wi-Fi password?
Cybersecurity experts recommend changing your Wi-Fi password every 3-6 months, especially if you live in a high-density apartment building. However, if you use a complex, unique password and have disabled WPS, frequent password changes are not strictly necessary, but they are a good preventative measure.
Will the blocked person see that they have been blocked?
The device won't receive a direct "You've been blocked" notification. For the user, this will appear as repeated connection attempts with an "Incorrect Password" error or an endless stream of IP addresses without internet access. They might think they've simply forgotten their password or the router is faulty.
Is it possible to block someone permanently?
Technically, until you remove the rule from the blacklist, access for this MAC address will be blocked. However, if the user changes the MAC address on their device (which requires certain skills and root access on Android or jailbreaking on iOS), they can bypass the block. For the average user, the standard block is an insurmountable obstacle.
What should I do if I blocked myself?
If you've blocked your device and lost access to your router's Wi-Fi settings, the only solution is to connect your computer to the router using an Ethernet (LAN) cable. Using a cable, you'll usually still be able to access the web interface, and you'll be able to remove your MAC address from the blacklist.
Does blocking devices affect internet speed?
Yes, blocking third-party devices directly impacts speed. Each connected client shares the bandwidth. By eliminating these "parasites," you free up resources for your own tasks, which is especially noticeable when watching 4K video or playing online games.