Your home Wi-Fi is like the front door to your apartment: if it's left ajar, sooner or later uninvited guests will take advantage. In 2026, hackers have mastered new methods of breaking into networks, and standard passwords like admin/admin or 12345678 They can be hacked in minutes using specialized software. But the problem isn't just with outsiders hogging your traffic—a vulnerable router can become an entry point for attacks on all devices on the network, from smartphones to smart speakers with access to banking apps.
This article is not about abstract "safety tips", but about specific router settings, which close 95% of vulnerabilities. We'll figure out why. WPA3 still not a panacea, how to bypass filtering MAC addresses, and why even hidden SSID won't protect you from a targeted attack. We'll also show you how to check if your network has been hacked right now, without installing any additional software.
1. Change the default administrator login and password
The first thing a hacker checks when attacking a router is the default login credentials for the control panel. Manufacturers still ship devices with combinations like admin/password or user/user, and databases of such passwords have long been leaked. For example, in 2026, default credentials for 18 router models were leaked. TP-Link And D-Link, released after 2020.
How to change:
- 🔧 Go to your router's control panel (usually at
192.168.0.1or192.168.1.1). - 🔑 Find the section
System Tools → Password(the name may differ:Administration → Managementat ASUS,System → Admin Passwordat Keenetic). - 🔐 Create a strong password (at least 12 characters, including numbers, uppercase letters, and special characters). Example:
W1F1$ecur1ty_2026!. - 📝 Save your new password in a password manager (not on a sticky note under the router!).
⚠️ Attention: If you have forgotten the current administrator password, reset the router to factory settings using the button Reset (Hold for 10-15 seconds). But remember: this will delete all settings, including your ISP connection settings.
Why it's critical: With access to the control panel, an attacker can not only connect to your network, but also redirect your traffic through a proxy server, change DNS servers for phishing or even to download malicious firmware.
2. Choosing the Right Encryption Type: WPA3 vs. WPA2 vs. WEP
The encryption type determines how difficult it is to crack your network password. Three standards are relevant in 2026:
| Standard | Security level | Speed of work | Device support |
|---|---|---|---|
| WPA3 | ⭐⭐⭐⭐⭐ | High (latency ~2 ms) | Devices after 2019 |
| WPA2 (AES) | ⭐⭐⭐⭐ | Average (latency ~5 ms) | All devices |
| WPA2 (TKIP) | ⭐⭐ | Low (latency ~10 ms) | Obsolete devices |
| WEP | ⭐ (hacked in 3 minutes) | Very low | Devices before 2006 |
What to choose:
- 🛡️ WPA3 — the best option if all your devices support it (check the specifications of your smartphone, laptop, or TV). This standard uses individual encryption for each device (SAE — Simultaneous Authentication of Equals).
- 🔄 WPA2 (AES) — an alternative if you have old gadgets. The main thing is to turn them off. TKIP, as it is vulnerable to attack
KRACK(Key Reinstallation Attack). - ❌ WEP And WPA (TKIP) — never use them. Breaking them takes less time than brewing tea.
How to set up:
- Open the section
Wireless → Wireless Security(orWi-Fi → Security). - Select
WPA3-PersonalorWPA2/WPA3-Transition(hybrid mode for compatibility). - In the field
Versionplease indicateAES(NotTKIP!). - Create a Wi-Fi password that is long at least 20 characters (example:
K0ff3e_und_3rW4nscht!2026).
⚠️ Please note: Some providers (eg. Rostelecom or Beeline) block the ability to change the encryption type in rented routers. In this case, request a replacement device with a model that supports WPA3.
Why is WPA3 still not perfect?
Even WPA3 has vulnerabilities: an attack was discovered in 2023 Dragonblood, which allows you to downgrade security to WPA2. However, implementing this requires physical access to the network or specialized equipment, making it unlikely for home users. However, keep an eye on your router's firmware updates—manufacturers release patches regularly.
3. Hiding SSID and MAC Filtering: Does it Work?
Two popular "advisors" from old forums - hiding the network name (SSID) and filtering by MAC addresses — in fact, they provide minimal protection. Here's why:
- 👁️ Hidden SSID: your device still broadcasts the network name when connecting, and it can be easily intercepted by a traffic analyzer (eg. Wireshark). It's like hiding a store sign but leaving the door open.
- 🔗 MAC filtering: MAC addresses are counterfeited in one command in Linux or Kali LinuxIn addition, this creates problems when connecting new devices.
However, these methods can be used as an additional layer of protection, if you are ready for some inconvenience:
How to hide SSID:
- Go to
Wireless → Basic Settings. - Uncheck the box
Enable SSID Broadcast(orHide SSID). - Save the settings. The network will no longer appear in the list of available networks, but you can connect to it manually by entering its name.
How to set up MAC filtering:
- Find the section
Wireless → MAC Filtering. - Turn on filtering and select the mode
Allow(allow only specified addresses). - Add MAC addresses all your devices (you can find them in the settings of your smartphone or laptop).
4. Updating your router firmware: why it's critical
More than 60% of successful router hacks in 2026 occurred due to outdated software with known vulnerabilities. Manufacturers regularly release patches to close vulnerabilities, but users rarely install them. For example, the vulnerability CVE-2026-30078 in routers Netgear allowed remote code execution, but a fix was released back in March 2026 - however, as of June 2026, 40% of devices are still not updated.
How to update firmware:
Download the latest version from the official website
Make a backup copy of your current settings
Connect the router to a UPS (or a fully charged laptop)
Do not interrupt the update process
-->
Step-by-step instructions:
- Find out the router model (written on the sticker at the bottom).
- Download the firmware from the manufacturer's official website (for example, for ASUS RT-AX88U this will be a file of the type
RT-AX88U_3.0.0.4_386_51370-g1b4c5f2.gpk). - Go to
Administration → Firmware Upgrade. - Upload the downloaded file and wait until it is completed (the router will reboot).
⚠️ Warning: Never update firmware wirelessly - connect the router to your computer with a cable EthernetInterrupting the process can brick the device.
Where to check if the firmware is up to date:
- 🌐 On the manufacturer's website in the support section (for example, support.asus.com For ASUS).
- 📱 In the router's mobile app (at TP-Link This Tether, at Keenetic — Keenetic Start).
5. Setting up a guest network: Why it's more important than you think
The guest network is a separate SSID with its own password, isolated from your main network. Why this is a must-have in 2026:
- 🔒 Guests (or smart devices like light bulbs) don't have access to your personal data.
- 🛡️ If the guest network is hacked, the main network remains protected.
- 📶 You can limit the speed for guest access (for example, to 10 Mbps).
How to set up:
- Go to
Guest Network(orWi-Fi → Guest Access). - Enable the guest network and specify a separate name (for example,
MyHome_Guest). - Select encryption type
WPA2/WPA3and set a password. - Restrict access to the local network (optional)
Enable AP IsolationorClient Isolation). - Set a time limit (e.g. 9:00 AM to 10:00 PM).
Example of a secure configuration:
Network Name (SSID): Home_Guest_5GSecurity type: WPA3-Personal
Password: G0st_N3tw0rk_2026#Pass
Speed limit: 20 Mbps
Access time: 08:00–23:00
Client Isolation: Enabled
6. Disabling dangerous functions: WPS, UPnP, remote control
Many routers include default features that make life easier for the user, but open the door to hackers. The three most dangerous are:
| Function | Risk | How to disable |
|---|---|---|
| WPS (Wi-Fi Protected Setup) | Vulnerable to brute-force attacks (PIN guessing). Hacking takes 2 to 10 hours. | Wireless → WPS → Disable |
| UPnP (Universal Plug and Play) | Allows devices to automatically open ports, which is used for DDoS attacks. | Advanced → UPnP → Disable |
| Remote control | Provides access to router settings from the Internet. | Administration → Remote Management → Disable |
| Telnet/SSH | Insecure protocols for remote access. | Administration → Services → Disable Telnet/SSH |
Exceptions:
- ⚙️ UPnP may be needed for online games (for example, Call of Duty) or video calls (for example, Zoom). In this case, limit its operation to trusted devices only.
- 🔧 SSH needed for advanced configuration (for example, installation OpenWRT). If you use it, change the standard port
22to a non-standard (for example,2222) and set up key authentication.
7. Monitoring connected devices and detecting hacking
How do you know if your Wi-Fi has already been hacked?
- 🐢 Unexplained internet slowdown - someone is using your channel.
- 🔌 Unknown devices in the connection list (checked in the router panel).
- 🔄 Unintentional changes to settings (for example, changed DNS server).
- 🚨 Antivirus detects attacks from the local network.
How to check connected devices:
- Open the section
DHCP → DHCP Clients ListorWireless → Connected Devices. - Compare the list with your devices. Unknown MAC addresses — a cause for concern.
- Use network scanning applications such as:
- Fing (Android/iOS)
- Advanced IP Scanner (Windows)
- nmap (Linux/macOS, command:
nmap -sn 192.168.1.0/24)
What to do if a hack is detected:
Disconnect the router from the Internet (remove the WAN cable)
Reset to factory settings (Reset button)
Update your firmware to the latest version
Change all passwords (Wi-Fi, admin panel, provider)
Reconfigure your router using the instructions in this article.
-->
⚠️ Warning: If unknown devices continue to appear after a factory reset, your router may be infected with malware (e.g. VPNFilter or Mirai). In this case, replace the device.
FAQ: Frequently Asked Questions about Wi-Fi Security
Is it possible to hack Wi-Fi with WPA3?
Theoretically, yes, but in practice, this requires either physical access to the router or a zero-day exploit (an unknown vulnerability). In 2026, such attacks accounted for less than 0.1% of all hacks. The main threats are weak passwords or outdated firmware.
How to create a strong Wi-Fi password?
Use:
- Minimum 20 characters.
- A random combination of words (for example,
CowFliesOnBike! 2026). - Special characters and numbers, but not at the beginning/end.
- Password manager for storing (for example, Bitwarden or KeePass).
Do not use:
- Personal information (dates of birth, names).
- Popular phrases (
qwerty,password). - The same password for Wi-Fi and the admin panel.
Should you turn off Wi-Fi at night?
This reduces the risk of nighttime attacks (such as vulnerability scans), but is not a critical measure. More effective alternatives:
- Set up a Wi-Fi schedule on your router (for example, from 7:00 AM to 11:00 PM).
- Use the physical Wi-Fi off button on your router (if available).
- Turn on the function
Wi-Fi Schedulein the settings.
How to secure Wi-Fi in an apartment building?
In densely populated areas:
- Use 5 GHz instead of 2.4 GHz - less interference and more difficult to intercept the signal.
- Reduce the transmitter power in the router settings (option
Transmit Power), if the signal is not needed outside the apartment. - Turn on
Beamforming(if supported) - This focuses the signal on your devices. - Check your neighboring networks with Wi-Fi Analyzer and select the least loaded channel.
What should I do if I have a router from a provider and I don't have access to the settings?
Rented routers often block key features. Here's what you can do:
- Call your provider's support team and demand:
- Open access to security settings.
- Update the firmware to the latest version.
- Replace the device with a model with WPA3 (For example, Keenetic Giga or ASUS RT-AX55).
Bridge (bridge).- Turn on MAC filtering (if available).
- Set up VPN on all devices (for example, ProtonVPN or Windscribe).