You're trying to connect to Wi-Fi, but instead of the usual password prompt, you see a mysterious message: "Wi-Fi Protected, WPS Available"What is this feature, why does it appear instead of the usual password entry, and most importantly, is it safe to use? In this article, we'll look at how it works. WPS (Wi-Fi Protected Setup), why many cybersecurity experts recommend disabling it, and what to do if your router stubbornly offers only this connection method.
Let us warn you right away: despite the convenience, WPS technology contains a critical vulnerability that allows a PIN code to be cracked in a matter of hours, even without special equipment.This isn't a theoretical threat—hackers are actively exploiting it to break into home networks. But let's take things one step at a time.
What is WPS and why does it appear instead of a password?
WPS (Wi-Fi Protected Setup) — is a standard developed in 2006 to simplify connecting devices to Wi-Fi. Instead of entering a long password, users could:
- 🔢 Enter 8-digit PIN code (printed on the router sticker)
- 🖱️ Press the button WPS on the router body (method PBC — Push Button Configuration)
- 📱 Use NFC or USB flash drive with configuration (rare)
The problem is that WPS PIN code is checked in parts: the first 4 digits and the last 4 digits separately. This allows hackers to try combinations in 10,000 times faster, than the full 8-digit code. Even if the router blocks attempts after several failures, many models reset the counter after 1-2 minutes.
Why do you see it? "Wi-Fi Protected, WPS Available" Instead of a password field? It depends on your router settings:
- 📡 Mode enabled WPS only (password disabled in security settings)
- 🔄 The router supports both methods, but your device tries to connect via WPS by default
- ⚙️ The router firmware is outdated and does not process authentication requests correctly.
The Dangers of WPS: Why It's Best to Disable This Feature
In 2011, the researcher Stefan Viehböck published a report proving WPS's vulnerability to brute-force attacks. The situation hasn't improved since then—most routers still use the same protocol. Here are the specific risks:
| Vulnerability | Consequences | Time to hack |
|---|---|---|
| Checking a PIN in parts | Code selection in 4-10 hours | 2–12 hours |
| No blocking | Unlimited match attempts | 1–3 hours |
| PIN leak in firmware | The code can be extracted from the memory dump. | Instantly |
| Attack Pixie Dust | Hacking even with blocking attempts | 30–60 minutes |
🔴 Real life example: In 2020, hackers exploited a WPS vulnerability to hack routers en masse. TP-Link And D-Link in Europe. Victims lost network access, and their devices were connected to botnets for DDoS attacks. Meanwhile, router owners had no idea their networks had been compromised.
⚠️ Attention: If your router supports WPS but you don't use it, disable the function in settingsEven if you don't see the "Wi-Fi Protected, WPS Available" message, an attacker can still try to connect via PIN without asking your permission.
Are there any exceptions? Yes, if:
- 🏢 You are using a corporate router with Enterprise mode WPS (For example, Cisco Meraki)
- 🔒 You have a router with hardware blocking of attempts (for example, Ubiquiti UniFi)
- 🛡️ On MAC filter and turned off WPS by PIN (only the button remains)
How to connect to Wi-Fi if WPS is required
If your router stubbornly only offers WPS and the password doesn't work, there are a few ways to get around this:
Check the sticker on your router—it might contain your Wi-Fi password.
Reboot your router (sometimes temporary settings are reset)
Connect via cable and check security settings
Update your router firmware (outdated versions may malfunction) -->
Method 1: Use the WPS button (most secure)
If there is a button with the inscription on the router body WPS or the 🔄 icon:
- Press the button on the router (hold for 1-2 seconds)
- Within 2 minutes, start connecting on your device
- Select a network and wait for it to connect automatically.
✅ Plus: The PIN code is not transmitted over the air, the risk of hacking is minimal.
❌ Minus: You need to physically get to the router.
Method 2: Enter the PIN code from the sticker
On the back of most routers there is a sticker with the following information:
SSID— network namePassword/Key— Wi-Fi passwordPIN— 8-digit code for WPS
🔹 If there is PIN, enter it when prompted by WPS.
🔹 If there is Password, try connecting using the usual password entry (WPS may be enabled in parallel).
⚠️ Attention: If the PIN code from the sticker does not work, do not enter it again — the router may block WPS for several hours. It's better to proceed directly to the settings via cable.
Method 3: Disable WPS via the web interface
The most reliable solution is disable WPS completely and use only the password. To do this:
- Connect to the router via cable or another network
- Open your browser and type
192.168.0.1or192.168.1.1 - Enter login/password (usually
admin/adminor see sticker) - Go to the section
Wi-Fi → SecurityorWireless Mode → Security - Find the option
WPSand selectDisabled - Save the settings and reboot the router.
Where exactly to look for WPS in different routers
TP-Link: Advanced → System Tools → WPS
ASUS: Wireless → WPS
Keenetic: Home Network → Wi-Fi → WPS
D-Link: Wi-Fi → WPS Settings
Zyxel: Network → Wi-Fi → WPS
Instructions for popular router models
Let's look at how to disable WPS on the most common devices. If your model isn't listed, the principles are similar.
TP-Link (Archer, TL-WR, Deco)
The interface may differ depending on the firmware:
- Go to
Advanced → System Tools → WPS - Switch
WPS Statusin positionDisabled - Click
Saveand confirm the reboot
📌 On new models (for example, Archer AX6000) WPS can be hidden in Wireless → WPS Settings.
ASUS (RT-AX, RT-AC, ZenWiFi)
ASUS often enables WPS by default:
- Open
Wireless → WPS - In the section
Enable WPSselectNo - Click
Apply
⚠️ On some firmware versions (Asuswrt-Merlin) you need to additionally disable WPS AP Mode V Administration → System.
Keenetic (Giga, Hero, Viva)
In routers Keenetic WPS is called Wi-Fi Protected Setup:
- Go to
Home Network → Wi-Fi - Click on your network name (SSID)
- In the block
Securityturn it offWPS - Save changes
D-Link (DIR, COVR, EXO)
Interface D-Link may be outdated:
- Go to
Wi-Fi → WPS - Uncheck the box
Enable WPS - Click
Save Settings
🔧 On models DIR-8xx additional shutdown may be required WPS PIN V Advanced → Wireless Settings.
What to do if WPS won't turn off
Sometimes the router ignores settings, or WPS re-enables itself after a reboot. Causes and solutions:
| Problem | Cause | Solution |
|---|---|---|
| WPS turns on by itself | Firmware failure | Update your router software |
| There is no disable option | Stripped down provider firmware | Install alternative firmware (for example, DD-WRT) |
| After disconnecting, Wi-Fi does not work. | Reset security settings | Please reset your password in Wireless Security |
| The WPS button is not responding. | Hardware failure | Disable WPS in settings and use a password |
🛠️ Extreme case: If your router stubbornly refuses to disable WPS and you can't update the firmware, reset it to factory settings (button Reset for 10 seconds). After the reset, set up the network again, do not enable WPS at the installation wizard stage.
⚠️ Attention: On routers from providers (for example, Rostelecom, Beeline, MTS) Access to WPS settings may be restricted. In this case, contact support and request that the feature be disabled—this is your right as a subscriber.
WPS Alternatives: How to Connect Securely
If you need simple authorization without entering a password, there are more secure methods:
- 📱 QR code: Many modern routers (for example, Huawei, Xiaomi) allow connection via QR scanning. The code is generated in the web interface and contains encrypted network data.
- 🔑 WPA3-Personal: A new encryption standard that is resistant to brute force attacks. Supported by routers. ASUS RT-AX88U, Netgear Nighthawk and others.
- 🖧 Guest network: Create a separate network for devices you don't trust, such as smart lights or guests.
- 🔗 EAP-SIM: Suitable for corporate networks - authentication via SIM card (used in MikroTik And Cisco).
🔹 Best choice for home: WPA3-PSK + a complex password (12+ characters with numbers and special characters). Example of a strong password: K7#pL9!vN2@qR4*.
FAQ: Frequently asked questions about WPS
❓ Can I use WPS if I disable PIN authentication?
Yes, but only if you leave it only the WPS button (method PBC). In this case, the risk of hacking is minimal, since physical access to the router is required to connect. However, it's still better to disable WPS completely and use WPA3.
❓ Why does my phone/laptop automatically try to connect via WPS?
Some devices (especially older ones) Android And Windows 7/8) by default search for networks with WPS. To fix this:
- On Android: go to
Settings → Wi-Fi → Advancedand turn it offWPS Push Button. - On Windows: remove the network from the list of saved networks and reconnect by selecting
Connect with a password.
❓ How do I check if WPS is enabled on my router?
There are several ways:
- Look at the router panel - if the indicator is on WPS, the function is active.
- Go to the web interface and find the section
WPSorWi-Fi Protected Setup. - Use the router's mobile app (for example, TP-Link Tether, ASUS Router).
- Download the utility WiFi Analyzer (Android) or inSSIDer (Windows) - It will show if the network supports WPS.
❓ My router won't let me disable WPS. What should I do?
Possible solutions:
- Update your firmware to the latest version (sometimes manufacturers remove WPS in new releases).
- Install alternative firmware (DD-WRT, OpenWRT), if your model is supported.
- Contact the manufacturer's support team and request that WPS be disabled (specify the security risks).
- If nothing helps, replace the router with a model without WPS (for example, Ubiquiti UniFi or Google Nest WiFi).
❓ Is it possible to hack WPS on modern routers?
Yes, even on new models. While some manufacturers have added protection (for example, a temporary lock after 5 unsuccessful attempts), there are workarounds:
- Pixie Dust Attack: Exploits weaknesses in PIN hash generation. Works on 90% of routers.
- PIN leak in firmware: Some routers store the PIN in clear text in flash memory.
- MAC address spoofing: An attacker can “pretend” to be a previously connected device.
🔹 Conclusion: WPS hasn't gotten any more secure over the years. If data security is important to you, disable it permanently.