How to Block Someone Connected to WiFi on a Router: A Complete Guide

A sudden drop in internet speed or constant lag in online games often indicates that someone else is using your wireless network. Unauthorized access Not only does it steal your traffic, but it also poses a security threat to personal data stored on connected devices. In such a situation, it's essential to immediately identify the intruder and restrict their access to the router.

There are several effective ways to solve this problem, from simply changing the password to more sophisticated MAC address filtering. The method you choose depends on the model of your equipment, whether it's TP-Link, Asus, Keenetic or MikrotikIt's important to act quickly but carefully to avoid losing access to your devices during the setup process.

In this article, we'll cover all current blocking methods, explain how to find the intruder's MAC address, and what settings to change in the router's web interface. You'll learn how to create device blacklists and strengthen your wireless network security to prevent similar incidents in the future.

How to identify an intruder on your network

Before taking any drastic action, you need to be absolutely sure that no one is connected to your network. Modern routers, such as Zyxel Keenetic or TP-Link Archer, have built-in monitoring tools that display a list of all active clients in real time. If you see a device with an unfamiliar name or a model you don't have at home, this is cause for concern.

One of the most reliable ways to check is to check the indicators on the router body. If all your computers and phones are turned off or in sleep mode, and the light WLAN or Wi-Fi If the light continues to flash rapidly, it means there's active data transfer. This is a sure sign that someone is downloading files or watching videos through your access point.

For a more detailed diagnosis, you can use specialized PC programs or mobile apps that scan the network. They show not only IP addresses, but also MAC addresses All connected gadgets. By comparing this data with your list of devices, you can easily identify the intruder.

  • 🔍 Check the list of clients in the router's web interface (see the "Status" or "Network Map" section).
  • 📉 Pay attention to your internet speed when your devices are not actively working.
  • 💡 Watch for the wireless network indicator blinking when the gadgets are turned off.
  • 📱 Use mobile network scanners to find unknown connections.
📊 How did you discover the speed issue?
The internet just got slow.
The Wi-Fi indicator on the router was flashing
Found an unknown device in the list
My friends told me

Once an intrusion has been confirmed, don't panic. Most modern routers allow you to disconnect a specific user with a couple of clicks, without requiring extensive networking expertise.

MAC filtering blocking method

The most flexible and professional way to restrict access is to use filtering by MAC addressesEach network device has a unique physical identifier, which is hardcoded into its network card and doesn't change (except in cases of software emulation). By adding the intruder's address to the router's "blacklist," you guarantee that they won't be able to connect, even if they learn your password.

To implement this method, you need to log into your router's control panel. This is usually done through a browser at 192.168.0.1 or 192.168.1.1. After authorization, find the section related to the wireless network (Wireless) and security (Security or Filter). This is where the access control functionality is located.

⚠️ Attention: Be extremely careful when setting up filtering. If you enable "Allow only listed" (Whitelist) mode without adding your devices, you will lose network access. Always use "Deny" (Blacklist) mode to block specific offenders.

The process of adding a device to the blacklist is as follows: copy the MAC address of the offending device from the client list and paste it into the corresponding field of the filtering rules. After saving the settings, the router will disconnect from this device, making it impossible to re-authorize.

☑️ Check before blocking

Completed: 0 / 5

Radical Method: Changing Your WiFi Password

If you don’t have time to mess around with filtering settings or the router interface is too complicated, the simplest and most effective way is change password wireless network. This method instantly disconnects all users, including yourself. After changing the access key, you'll have to reconnect all your trusted devices, entering the new password.

It's important to choose a complex password that can't be brute-forced. Use a combination of uppercase and lowercase letters, numbers, and special characters. The password should be at least 12 characters long. Avoid using obvious dates, names, or sequences like 12345678.

After changing the password, it is recommended to also change the network name (SSID). This is especially useful if your router has a standard name, such as TP-LINK_XXXX, which tells the attacker the device model and potential vulnerabilities. The new name should not contain personal information, such as last name or apartment number.

  • 🔐 Create a password between 12 and 20 characters long.
  • 🔄 Change the network name (SSID) to something neutral.
  • 📱 Prepare a list of devices to reconnect in advance.
  • 🛡️ Make sure the encryption type is selected WPA2-PSK or WPA3.
What should you do if you forgot your new password?

If you've changed your password and forgotten it, the only way to regain access is to reset the router to factory settings. To do this, locate the Reset button on the router and hold it for 10-15 seconds. This will reset the router to the factory password found on the sticker on the bottom, but all your settings (PPPoE connection type, network name) will be reset and will need to be reconfigured.

Instructions for different router models

Router management interfaces from different manufacturers can vary significantly, although the logic remains similar. Below is a table to help you quickly find the blocking settings on popular router models.

Router brand Path to the menu Function name
TP-Link Wireless -> Wireless MAC Filtering MAC Filtering (Enable + Deny)
Asus Wireless Network -> MAC Address Filter Filter mode: Reject
Keenetic My Networks and Wi-Fi -> Client List Lock (lock icon)
D-Link Wi-Fi -> MAC Filter Add a prohibit rule

For router owners Keenetic luckiest of all: in their interface, you just need to click on the lock icon next to the device name in the client list, and access will be blocked instantly. Asus And TP-Link Often you need to first enable the filtering function itself, select the operating mode (prohibit or allow), and then add a rule.

If you have a router from a provider (for example, Sagemcom or Sercomm), the interface may be stripped down. In such cases, providers often offer only basic features, and the MAC filtering option may be absent. In this situation, the only option left is to change the password.

Additional network security measures

Blocking a specific device is a temporary measure. To ensure long-term security, it's necessary to fix the vulnerabilities that allowed the attacker to gain access to the network. Outdated router firmware, which contains security holes, is often the cause.

Check your router's software version on the manufacturer's website. If a newer version is available, be sure to updateThis will patch known vulnerabilities and improve stability. It's also worth disabling this feature. WPS, as it is one of the easiest ways to crack a password using brute force.

⚠️ Attention: The WPS (Wi-Fi Protected Setup) feature, which allows connection via a push-button or PIN code, has critical vulnerabilities. Even with a complex Wi-Fi password, an attacker can brute-force the 8-digit PIN code and gain access to the network. It is recommended to disable WPS in the router settings immediately after initial setup.

Another important measure is disabling remote access to the router's web interface from the external network (WAN). This feature is often enabled by default, but the average user doesn't need it. If a hacker can guess the administrator password, they will gain complete control of your device.

  • 🔄 Update your router firmware regularly.
  • 🚫 Disable the WPS function in your wireless network settings.
  • 🌐 Disable access to the management interface from WAN.
  • 📡 Reduce the signal strength if the router is located near a window (to prevent neighbors from receiving the signal).

What to do if nothing helps

In rare cases, a user may encounter a situation where blocking an intruder fails, or the intruder reconnects repeatedly. This may indicate the attacker is using advanced techniques, such as cloning the MAC address of your trusted device or breaking encryption.

In this situation, the most reliable solution is to completely reset the router to factory settings (Reset). After this, you need to configure the network from scratch, setting the strongest passwords possible and disabling all unnecessary features. If this doesn't help, the problem may lie in the hardware or a specific vulnerability of the model.

If you live in a densely populated apartment building, your Wi-Fi range may be too wide. Try reducing the transmitter power in your router settings.Tx Power) to 50% or 70%. This will narrow your coverage area and make your network invisible or inaccessible to those located far away, such as in a neighboring house.

Is it possible to block a device without knowing its MAC address?

It's impossible to directly block a device without its MAC address, as this is its unique identifier. However, you can change the Wi-Fi password, which will disconnect everyone. After this, connection attempts may remain in the router logs, indicating the MAC address, which can then be blocked.

Will the neighbor see that he is blocked?

They won't receive any direct notification. Their device will simply try to connect, but the router will continually reject the request. To the user, this will appear as a constant "Incorrect Password" error or an endless process of obtaining an IP address.

Does blocking affect my internet speed?

Yes, after blocking the third-party device, your internet speed should increase as the bandwidth will be freed from unnecessary load. Your ping (latency) will also decrease, which is especially noticeable in online games and video calls.

Do I need to reboot my router after being blocked?

In most modern models, changes take effect instantly. However, if you don't see the result, a short reboot (Reboot) will help apply new filtering rules and clear the connection cache.

Can a hacker bypass MAC address blocking?

Theoretically, yes, if they can spoof (spoof) the MAC address of one of your authorized devices. However, for typical home use, MAC address filtering combined with a complex WPA2/WPA3 password is a sufficient security measure.