Have you noticed that your internet connection is slowing down in the evenings, even though your plan hasn't changed? Or have you seen unknown gadgets with names like Android-123456 or Guest's iPhone? Most likely, your neighbors are using your Wi-Fi, either knowingly or unknowingly. According to Kaspersky, every fifth home router in Russia has vulnerabilities that allow unauthorized access to the network.
The problem isn't just traffic theft. Other people's devices can:
- 🔍 Intercept your data (passwords, bank details, correspondence) if the network is not protected by encryption.
- 🐢 Slow down — especially if your neighbors are downloading torrents or watching 4K videos.
- 🚨 Spread viruses over your local network, infecting connected PCs and smartphones.
- 📡 Use your IP for illegal activities (such as downloading pirated content).
In this article - 7 proven methods close Wi-Fi from strangers, from basic (change password) to advanced (settings VLAN And guest network). All instructions are adapted for routers. TP-Link, ASUS, Keenetic, Xiaomi And MikroTik, but the principles are universal. We'll also dispel myths (for example, about the "uselessness of hiding the SSID") and provide a checklist for quickly checking the security of your network.
1. Check your current connections: Who is on your network?
Before shutting down the network, make sure the problem actually exists. Many routers display a list of connected devices, but it's not always obvious which ones are "foreign."
How to check:
- Open the router's web interface (usually at
192.168.0.1or192.168.1.1). The default login and password can be found on the device sticker (usuallyadmin/admin). - Go to the section
DHCP,ClientsorWireless(the names are different). Look for tabs like Device List or Active Connections. - Compare MAC addresses (unique device identifiers) with your gadgets. Unknown addresses are a warning sign.
An example of a list of connections in a router Keenetic:
| Device | IP address | MAC address | Connection type |
|---|---|---|---|
| iPhone-12-Pro | 192.168.1.100 | A4:83:E7:12:F5:89 | Wi-Fi (5 GHz) |
| Android-98d4f2 | 192.168.1.103 | 7C:BB:6D:98:D4:F2 | Wi-Fi (2.4 GHz) |
| Samsung-TV | 192.168.1.101 | 00:1A:79:4E:2B:11 | Wi-Fi (5 GHz) |
In this example the device Android-98d4f2 raises suspicions - if you don't have such a gadget, it could be your neighbor. MAC addresses are easy to spoof, so their presence in the list does not always mean a hack – but it is a reason to check the network security.
⚠️ Attention: Some routers (eg. Zyxel Keenetic) show not only active ones, but also previously connected devices. Clear this list every 1-2 months to avoid missing "guests."
2. Changing your password: why your current one is no longer secure
The most common cause of Wi-Fi leaks is a weak password. According to NordPassIn 2026, the top 5 most popular passwords for routers were:
- 🔐
12345678(used in 12% of cases) - 🔐
qwertyorpassword - 🔐
adminor the model name of the router (for example,tplink) - 🔐 Date of birth or apartment number
Such passwords can be cracked in less than a minute using special programs (for example, Aircrack-ng). Even if your neighbor isn't a techie, he can simply pick a combination of popular options.
How to create a strong password:
- 🔒 Length not less than 12 characters (optimally 16+).
- 🔒 A combination of uppercase and lowercase letters, numbers, and symbols:
!@#$%. - 🔒 Do not use dictionary words or personal information (name, pet name, address).
- 🔒 Example of a strong password:
k7#pL9!vR2$mQ1.
How to change your password (using an example) TP-Link):
- Go to the router's web interface (
192.168.0.1). - Go to
Wireless → Wireless Security. - In the field
Password(PSK) enter a new password. - Save your settings and reconnect all your devices.
Make sure the new password is not used on other resources|
Write your password in a safe place (for example, a password manager)|
Reconnect all your devices manually (not via WPS!)|
Check your internet speed after changing your password (sometimes routers reset QoS settings)
-->
⚠️ Attention: After changing the password, all devices (including smart bulbs, speakers, and cameras) will be disconnected from the network. Make sure you have access to their settings to reconnect them.
3. Selecting encryption type: WPA3 vs. WPA2 vs. WEP
Even the most complex password is useless if you use an outdated encryption protocol. Three standards are currently in use:
| Protocol | Security level | Speed of work | Device support |
|---|---|---|---|
| WEP | 🚨 Critically vulnerable | Low | All devices (but don't use!) |
| WPA2 (AES) | ✅ Reliable | High | 99% of devices (2010–2026) |
| WPA3 | 🔒 Maximum protection | High | Devices since 2018 |
What to choose?
- 🛡️ WPA3 — the best option if all your gadgets were released after 2018. It protects against dictionary attacks and password leaks through KRACK.
- 🔄 WPA2 (AES mode only) - if you have old devices (for example, a set-top box Dune HD or a 2015 smartphone). Never use WPA2 in TKIP mode - it is vulnerable to attacks.
- ❌ WEP If your router only offers this option, urgently update the firmware or replace the device.
How to change the encryption type (using an example) ASUS RT-AX88U):
- Open
Wireless Network → General. - In the field
Authentication methodselectWPA3-Personal(orWPA2/WPA3for compatibility). - In the field
EncryptioninstallAES. - Save the settings and reboot the router.
4. Hiding SSID: Myths and Real Benefits
Many people advise hiding the network name (SSID) so it doesn't show up in the list of available Wi-Fi networks. But it doesn't work as it seems:
- ✅ Plus: It's harder to connect accidentally (for example, a neighbor won't see your network and try to guess the password).
- ❌ Cons:
- Experienced users will still find the network using programs like NetStumbler.
- Your devices will be constantly broadcast the network name when connected, making it detectable.
- Some gadgets (for example, Amazon Echo) do not work well with hidden networks.
When hiding the SSID makes sense:
- 🏠 If you live in an apartment building with dozens of visible networks, your network won't be visible in the general list.
- 🔍 You combine this with other measures (WPA3, MAC filtering).
- 📱 You don't have devices that don't work well with hidden networks.
How to hide SSID (using example) Xiaomi Mi Router 4A):
- Go to
Wi-Fi Settings → Basic Settings. - Uncheck the box
Enable SSID broadcasting(orBroadcast SSID). - Save the settings. The network will no longer appear in the list, but you can connect to it by entering its name manually.
How to connect to a hidden network on Android/iOS?
On Android: go to Settings → Wi-Fi → Add network, enter the SSID name and password.
On iOS: Settings → Wi-Fi → Other network, specify the SSID manually.
5. MAC address filtering: reliable or not?
Filter by MAC addresses Allows you to restrict connections to specific devices. This adds a layer of security, but there are some caveats:
Pros:
- 🔐 Even if a neighbor finds out the password, he won’t be able to connect without permission.
- 📊 Easily control which devices are on the network.
Cons:
- 🔄 MAC addresses are easy to spoof (spoiler).
- 📱 When adding a new gadget (for example, a guest phone), you will have to go to the router settings.
- 🔧 Some devices (eg. Smart TV) may change the MAC address after updating.
How to set up filtering (using an example) MikroTik hAP ac²):
- Go to
Wireless → Security Profiles. - Create a new profile or edit an existing one.
- Turn on
MAC Address Filterand add your device addresses to the whitelist. - Set the mode
Accept(allow only specified MACs).
Example of MAC address whitelist:
00:1A:79:4E:2B:11 # Samsung TVA4:83:E7:12:F5:89 # iPhone 12 Pro
7C:BB:6D:98:D4:F2 # Lenovo Laptop
⚠️ Warning: If you are using Mesh systems (For example, TP-Link Deco or Google Nest Wi-Fi), MAC filtering may not work correctly due to roaming between nodes. Check the documentation for your model.
6. Guest network: how to give your neighbors internet without risk
If you don't mind sharing your internet with your neighbors (for example, in a country house), but want to protect your main network, set up guest Wi-FiThis is a separate network with:
- 🔒 With your password (different from the main one).
- 🚫 Lack of access to local devices (printers, NAS, cameras).
- ⏱️ Possibility to limit speed or operating time.
How to set up a guest network (using an example) Keenetic):
- Go to
Home Network → Segments → Guest Network. - Enable the option and set a name (eg.
Guest_WiFi). - Set a separate password and encryption type (
WPA2-PSK). - In the section
RestrictionsYou can set a speed limit (for example, 10 Mbps) or operating hours (for example, from 9:00 to 21:00).
Benefits of a guest network:
- 🛡️ Insulation: Guests will not see your devices on the local network.
- 📊 Control: You can turn off guest Wi-Fi at any time.
- 🔄 Flexibility: Easily change your password without affecting your main network.
7. Additional measures: Disable WPS before updating the firmware
Even after all the adjustments, loopholes remain. Let's look at advanced protection methods:
Disabling WPS
WPS (Wi-Fi Protected Setup) is designed to quickly connect devices using a PIN code or a button. But:
- 🔐 8-digit PIN code can be cracked in 4–10 hours (even if the router is blocked after unsuccessful attempts).
- 🚨 The vulnerability allows one to connect to the network without knowing the master password.
How to disable (using example) D-Link DIR-615):
Settings → Wi-Fi → WPS → Disable
Updating the router firmware
Manufacturers regularly patch firmware vulnerabilities. For example, in 2023, routers ASUS a critical flaw was found CVE-2023-28702, allowing remote code execution.
How to update firmware:
- Log into your router's web interface.
- Find the section
UpdateorFirmware. - Download the latest version from the official website (do not use third-party sources!).
- Download the file and wait for it to reboot.
Setting up VLANs (for advanced users)
If you have a router that supports VLAN (For example, MikroTik or Ubiquiti), you can divide traffic into virtual networks. For example:
- 🖥️ VLAN 10 — basic devices (PCs, phones).
- 📺 VLAN 20 - smart home (lamps, cameras).
- 👥 VLAN 30 — guest network.
This prevents access between segments even if an attacker connects to the Wi-Fi.
⚠️ Attention: Configuring VLANs requires networking knowledge. Incorrect rules can disable internet access for all devices.
FAQ: Answers to Frequently Asked Questions
Is it possible to find out who exactly is connected to my Wi-Fi?
It's impossible to accurately identify a person using a MAC address or device name. However, it is possible:
- Look device manufacturer by the first 3 bytes of MAC (for example,
00:1A:79- This Samsung). - Use programs like WireShark for traffic analysis (requires skills).
- Contact your provider - they can provide connection logs (by law).
If you suspect a targeted hack, it is better change password And enable WPA3.
My neighbors continue to connect even after I changed my password. What should I do?
Possible reasons:
- The password is too simple (try generating it via password manager).
- Password leak (for example, you gave it to a guest, who passed it on to the neighbors).
- Router vulnerability (update firmware or reset to factory settings).
- Attack through WPS (disable it in settings).
If the problem persists, try:
- Change network name (SSID) - some devices retain old settings.
- Turn on MAC filtering.
- Contact your provider - the problem may be on their end (for example, double NAT).
How to secure Wi-Fi in a country house with many guests?
Optimal solution:
- Tune guest network with a separate password.
- Limit the guest network speed (for example, to 20 Mbps).
- Use vouchers (in routers Ubiquiti or Pfsense) - each guest receives temporary access.
- Turn on isolation of clients (option
AP Isolation), so that the guests do not see each other.
Example setup for Ubiquiti UniFi:
Settings → Wireless Networks → Guest Network → Enable "Client Isolation"
Is it possible to track a neighbor who is stealing Wi-Fi by IP address?
Technically IP address in a local network (for example, 192.168.1.103) belongs to the device, not the person. To identify the owner:
- Take a look MAC address devices in the router settings.
- Compare with MAC addresses their gadgets.
- If the address is someone else's, you can try turn off the device via the router's web interface (optional)
BlockorKick).
For legal action (for example, if a neighbor is using your IP for illegal activities), contact the police with the router logs. Your ISP can help identify the subscriber by their external IP, but only upon an official request.
How to protect Wi-Fi from hacking through router vulnerabilities (for example, CVE-2026-12345)?
Vulnerabilities in router firmware are one of the main causes of hacking. To minimize the risks:
- 🔄 Update your firmware at least once every 3 months.
- 🔒 Disable remote control (option
Remote Management). - 🛡️ Change the default login/password admin panels (do not leave
admin/admin). - 📡 Disable UPnP (facilitates attacks from the Internet).
- 🔍 Check your router for vulnerabilities through services like RouterSecurity.org.
If your router is older than 5 years, consider replacing it with newer models (for example, ASUS RT-AX86U or TP-Link Archer AX73) have better protection.