How to block unauthorized access to your Wi-Fi router

A sudden drop in internet speed is often the first warning sign that uninvited guests have connected to your wireless network. It could be a neighbor trying to cut corners on their ISP, or a random passerby who's guessed a weak password. In any case, unauthorized users not only steal your traffic but also pose a potential security threat to personal data stored on computers and smartphones on your home network.

The situation requires an immediate response, as unauthorized access This opens the door to attackers. They can intercept transmitted data packets, inject malware, or use your connection for illegal activities, for which the owner of the IP address will be held accountable. That's why the question of how to block a Wi-Fi router from other users is critical for any modern digital device owner.

Fortunately, most modern routers, whether TP-Link, Asus, Keenetic or Mikrotik, have powerful built-in security tools. You don't need to be a programmer or network engineer to set up a reliable barrier. Simply know where the necessary switches are in the web interface and apply multiple layers of protection sequentially, turning your network into an impenetrable fortress.

Connection Diagnostics: Who's Taking Over Your Channel?

Before actively blocking the connection, you need to confirm the intrusion and identify the "intruder." Often, low speeds can be caused by a poor signal or channel congestion, not by other devices. First, log in to your router's admin panel by entering the gateway IP address in your browser's address bar. This is usually 192.168.0.1 or 192.168.1.1.

After logging in, find the section responsible for network status. It may be called Status, State, Wireless Statistics or Client listThis displays a table of all devices currently accessing your access point. Carefully review the list of MAC addresses and names of connected devices. If you see a device you can't identify, this is cause for concern.

⚠️ Note: Some smart devices (TVs, outlets, lamps) may have confusing names in the list. Before blocking, temporarily disconnect your devices from Wi-Fi to determine which of the remaining addresses are untrusted.

For a more in-depth analysis, you can use specialized snails on your smartphone, such as Fing or Network AnalyzerThey show not only the MAC address but also the manufacturer of the device's network card, which often helps identify whose phone or laptop it is. Knowing the manufacturer makes it easier to match the device to other devices in the home.

📊 How did you discover the speed issue?
The speed dropped sharply
An unknown device appeared in the list
My provider informed me about this.
I just decided to check

Changing your password and encryption type is the first line of defense.

The easiest and most effective way to kick out all uninvited guests from your network is to change your Wi-Fi password. Once you change the security key in your wireless settings, all connected devices will be disconnected. To reconnect, they will need to enter the new password, which, of course, only you will know.

When creating a new password, avoid obvious combinations like birth dates or sequences of numbers. Use a complex mix of letters and symbols, at least 12 characters long. At the same time, it's critical to check the encryption type. Make sure the standard you select is WPA2-PSK or the newest WPA3The WEP and WPA-TKIP protocols are considered obsolete and can be cracked in minutes.

The process of changing a password usually looks like this:

  • 🔐 Go to the section Wireless or Wireless mode in the router menu.
  • 🔐 Find the field Wireless Password or Wireless network password.
  • 🔐 Enter a new complex key and save the settings using the button Save.

After applying the settings, the router may reboot. You'll have to reconnect all your devices, entering the new password. This is a small price to pay for completely clearing your network of intruders. Changing your password regularly, for example, every six months, is a good digital hygiene practice.

MAC address filtering: whitelists and blacklists

A more advanced access control method is MAC address filtering. Each network device has a unique physical identifier that can be used as a pass. Configuring this filter allows you to create strict rules: either allowing only selected users (Whitelist) or blocking specific offenders (Blacklist).

Mode Blacklist Blacklisting is convenient if you want to block access to a specific neighbor but don't want to reconnect all your devices. You simply add the intruder's MAC address to the blacklist, and the router ignores their connection requests. However, this method has a vulnerability: an experienced user can change the MAC address of their network card to one that is allowed.

Mode Whitelist Whitelisting provides maximum security. In this case, the router allows connections ONLY to devices whose addresses are listed in the allowed list. All others, even with the password, are blocked. This is ideal for a static network where the device set rarely changes.

Parameter Blacklist (Deny) Whitelist (Allow)
Operating principle Blocks only selected addresses Allows only selected addresses
Convenience High (no need to bring your own devices) Low (you need to enter each device)
Level of protection Average Maximum
Risk of error You can block yourself You can block everyone if you forget your device.

To configure, find the section Wireless MAC FilteringEnable filtering, select the operating mode, and add the required addresses. Be extremely careful when whitelisting: if you don't add the address of the device you're configuring the router from, you'll lose access to its settings via Wi-Fi.

☑️ Setting up a MAC filter

Completed: 0 / 4

Hiding your network name (SSID) from prying eyes

Another effective layer of security is hiding your wireless network name. By default, your router broadcasts the SSID (Service Set Identifier), and any smartphone within range will see your network listed as available. If you enable this feature Hide SSID or Hide network name, the access point will no longer appear in the neighbors' list.

This doesn't provide absolute protection, as experienced hackers can detect a hidden network using traffic sniffers, but for the average "lazy" hacker, it will be an insurmountable barrier. To connect to a hidden network, the user must manually enter the network name (SSID) and password in the Wi-Fi settings on their device.

The configuration is carried out in the main wireless network settings section:

  • 👁️ Find the check mark Enable SSID Broadcast or Broadcast SSID.
  • 👁️ Uncheck this box (or select Disable).
  • 👁️ Save the changes.

After this, the network will disappear from the visible list. To connect a new guest, you'll have to dictate not only the password but also the exact network name, taking into account the case of the letters. This creates some inconvenience, but significantly increases privacy.

⚠️ Note: Hiding the SSID may prevent some smart devices (such as older printers or IoT gadgets) from automatically reconnecting when the connection is lost. Please check compatibility before enabling this feature.

Disabling WPS and Guest Mode

Technology WPS (Wi-Fi Protected Setup) was created to simplify connecting devices with the push of a button, but it has become one of the major security holes in home routers. WPS can be cracked quite quickly using brute-force PIN code attempts. If you don't currently use the push-to-connect feature, you should disable it in the settings.

Find the section WPS in the menu and set the status Off or DisabledThis will close one of the most common vulnerabilities. Instead, use the standard password entry or a QR code if your router supports it.

If you often have guests over and you don't want to give them access to the main network where your personal files are located, use Guest network (Guest Network). This is a virtual access point with a separate password and limited access to local resources. Guests will have internet access but won't be able to see your computers or NAS storage.

What is the danger of WPS?

The WPS protocol uses an 8-digit PIN code. The last digit is a checksum, effectively reducing the number of combinations to 11,000. Brute-force programs can find such a code in a few hours or even minutes.

Additional measures: firmware update and remote access

Router security depends not only on its settings but also on the up-to-dateness of its software. Manufacturers regularly release firmware updates that patch discovered vulnerabilities. Visit the section System Tools or Administration and check for a new version of the software.

It is also critical to check your remote control settings (Remote Management). This feature allows you to manage your router from the internet. If you don't need it, you should disable it. An open remote management port is a direct route for bots scanning your network for vulnerable routers.

Please check the following parameters:

  • 🛡️ Router administrator password (must not be admin/admin).
  • 🛡️ Control Protocol: Use HTTPS instead of HTTP if possible.
  • 🛡️ Session Timeout: Set up automatic logout from the Control Panel after a period of inactivity.

Frequently Asked Questions (FAQ)

Can my neighbor find out my password if I change it?

If you use the modern WPA2/WPA3 encryption standard and a complex password, it's virtually impossible to discover it over the air. However, if the password was saved on a device that has been in the hands of an attacker, or if your computer is infected with a virus, data theft is possible.

Will my router reset if I forget my new Wi-Fi password?

No, the settings don't reset automatically. However, if you forget your password, you'll need to connect to the router via cable or perform a hard reset using the button on the router. This will restore the factory settings and the password indicated on the sticker.

Does the number of connected devices affect internet speed?

Yes, the bandwidth is shared among all users. If your neighbor is downloading 4K movies, your browsing speed may drop. Blocking unnecessary devices will free up bandwidth.

Do I need to change my password if I use MAC whitelisting?

Recommended. A whitelist is a second layer of defense. If an attacker somehow spoofs the MAC address of an authorized device, the password will become the final barrier. Two-factor protection (MAC + password) is always more reliable.