How to Close an Open Wi-Fi Network: Protecting Your Router from Hacking

The situation when in the list of available networks you see a router with the name TP-Link, Keenetic or Tenda An open hotspot without a lock icon is a critical vulnerability. An open hotspot means anyone within range can connect to your internet without entering a password. This not only steals your traffic but also poses a direct threat to your personal data, as attackers can intercept transmitted information.

Equipment owners often forget to change factory settings after purchase, leaving the network open by default or due to a configuration reset. Wireless network security Security should be the number one priority when initially installing a router. In this article, we'll cover the technical aspects of securing your home network perimeter, encryption methods, and hiding your SSID.

Ignoring basic security measures turns your router into an open door for hackers. Modern attack methods allow for quick access to devices on the same local network. Therefore, the question of how to close an open Wi-Fi network requires immediate action using up-to-date encryption protocols.

Risk Analysis of an Open Access Point

The absence of a Wi-Fi password creates conditions for attacks such as Man-in-the-MiddleAn attacker who connects to your network can intercept the data flow between your device and the internet. This allows them to intercept logins, passwords for email services, banking apps, and instant messaging messages if they don't use end-to-end encryption.

In addition, open access is often used for illegal activities that the police will track based on your IP addressThe router owner is legally responsible for all actions taken through their connection, even if they were performed by an unauthorized person. Downloading illegal content or attacking government servers from your IP address will be your responsibility.

⚠️ Warning: Using outdated encryption protocols (WEP) or not using them at all is considered an open network. Modern hacking tools can bypass WEP in minutes, so relying on "some password" is not an option—the encryption method is what matters.

In addition to external threats, there is a risk of accessing local resources. Smart plugs, CCTV cameras, network storage NAS and printers often lack their own protection from devices within the network. If an outsider gets into the local network, they have complete control over yours. smart home appliances.

📊 How often do you change your Wi-Fi password?
Once a month
Once a year
Only when purchasing a router
Never changed

Login to the router control panel

The first step to closing the network is to log into the administrator's web interface. To do this, connect to the router via cable or a currently open Wi-Fi network. Enter the gateway IP address in the browser's address bar, which is usually set to 192.168.0.1 or 192.168.1.1The exact address is indicated on the sticker on the bottom of the device.

The system will request authorization data. The factory login and password are also located on the case label; this is usually a combination admin / admin or admin / passwordIf you have previously changed this data and forgot it, you will have to perform factory reset (Hard Reset) by holding the Reset button for 10-15 seconds.

After successful login, the control panel will open, the appearance of which depends on the manufacturer (Asus, Zyxel, MikroTik). Interfaces may differ, but the security setup logic is the same for all models. Find the section responsible for wireless mode, often called Wireless, Wi-Fi or Wireless network.

Choosing a strong encryption method

In the wireless network settings section, the key setting is protection method (Security Mode). This setting turns an open network into a closed one. Modern standards require the use of protocols from the WPA family. The older WEP standard has long been recognized as vulnerable and should not be used under any circumstances.

The optimal choice at the moment is WPA2-PSK (AES)This standard provides a high level of security and is compatible with the vast majority of devices released in the last 15 years. If your router and all client devices (smartphones, laptops, TVs) support the new standard WPA3, it is recommended to choose it or a mixed mode WPA2/WPA3.

When selecting the encryption mode AES encryption algorithm is mandatory, as the TKIP algorithm is considered obsolete and reduces overall network speed. Some older routers may offer a "WPA-PSK/WPA2-PSK mixed mode" option—this is an acceptable compromise for compatibility with older devices, but it's better to use pure WPA2 if possible.

☑️ Check security settings

Completed: 0 / 4

Creating a strong password

Even the most modern encryption protocol is powerless against a simple password. Hackers use dictionaries of popular combinations and brute-force attacks. Passwords should be complex but memorable. Avoid using birthdays, phone numbers, or simple sequences like 12345678.

An ideal Wi-Fi password should contain at least 12-14 characters, including uppercase and lowercase letters, numbers, and special characters. A good example is a phrase transliterated with letters replaced with numbers: My_Dom_Krepost_2026!Such combinations are practically impossible to brute-force within a reasonable time.

It's important to update your access keys regularly, especially if you suspect someone has seen your password. In the router's control panel, the key entry field is usually labeled Wireless Password, Pre-Shared Key or Wireless network passwordAfter entering a new value, be sure to press the button Save or Apply to save the configuration.

Encryption type Security level Compatibility Recommendation
Open (No) Absent 100% Strongly not recommended
WEP Critically low Old devices Prohibited for use
WPA2-PSK (AES) High Almost 100% The optimal choice for the home
WPA3-Personal Maximum New devices Recommended for new equipment

Hiding the network name (SSID)

An additional security measure often discussed in the context of network closure is hiding the network name (SSID Broadcast). When this feature is enabled, the router stops broadcasting packets with its name. As a result, regular users see only "Hidden Network" in the list of available networks, or none at all.

However, it's important to understand that this isn't complete protection. Specialized software can easily detect hidden networks based on the service packets the device is forced to transmit. Furthermore, hiding the SSID can cause connection issues with some smart devices, such as IoT lamps or old printers that cannot search for hidden networks.

This feature only makes sense as a supplement to a strong password to reduce "noise" and neighbors' curiosity. To connect to a hidden network, you'll have to manually enter the network name (SSID) and encryption type on each new device, which creates some inconvenience.

Does hiding the SSID affect speed?

Hiding the network name does not directly affect data transfer speed, but it may slightly increase the time it takes for devices to reconnect when leaving the coverage area, as the device has to scan the air more actively.

Setting up MAC address filtering

The most stringent access control method is MAC address filtering. Each network device has a unique physical identifier—a MAC address. You can create an Allow List in your router settings, which only includes the addresses of your trusted devices.

Even if an attacker learns your Wi-Fi password, they won't be able to connect because their MAC address won't be on the allowed list. This creates two-factor protection: knowledge of the password and the presence of authorized equipment. However, managing such a list takes time: for each new guest, their address will have to be manually entered into the settings.

To find out the MAC address of a device, it is usually enough to look in the connection properties on the device itself or in the list of clients (Client List) in the router interface. The filtering function is often located in the section Wireless MAC Filtering or Access controlDon't forget to enable the "Allow" mode for the selected addresses.

⚠️ Please note: MAC addresses can be easily spoofed by an experienced hacker if they are already inside the network or monitoring traffic. Therefore, MAC filtering is an additional, but not the only, security measure.

Checking connected devices

After setting up security, you need to conduct a network audit. Go to the section Attached Devices, Client list or DHCP Client ListThis displays all the devices currently consuming your data. Compare the list with your existing devices: smartphones, TVs Samsung or LG, laptops.

If you detect an unknown device, change your Wi-Fi password immediately. All connected devices will be disconnected, and you'll have to re-enter the new password on each one. Regularly checking the client list helps identify "neighborhood" users who may have guessed a weak password.

Some modern routers, for example from Keenetic or MikroTik, allow you to block devices directly from the client list with one click. It's also useful to limit the maximum number of connected devices, if this feature is available on your router model.

What should I do if I forgot my Wi-Fi password after setup?

If you set a complex password and forgot it, you can only recover it by accessing the router settings via cable. If you also lose access to the settings, a full reset to factory defaults will help. After this, the router will revert to the factory password indicated on the sticker, and the network will again be open or protected by the default key, which you will need to change immediately.

Can a neighbor hack WPA2?

Theoretically, WPA2-PSK can be cracked using dictionary attacks if the password is simple. However, if a long character combination is used, brute-forcing it would take years even with powerful computing power. Vulnerabilities in the WPA2 protocol itself (the KRACK attack) require physical proximity and sophisticated equipment; in a home environment, the risk is minimal with a strong password.

Does password protection affect internet speed?

Modern router processors handle WPA2/WPA3 encryption in hardware, so the impact on speed is imperceptible to the user. Latency (ping) is not increased. The only thing that can reduce speed is using the outdated TKIP algorithm instead of AES, as it limits speed to the standard 54 Mbps.