Securing your Wi-Fi router: Protect your home network

Dan Howdle • September 3rd, 2024

Your router is arguably the most important bit of tech in your house. It's your gateway to the wider online world, the device that both stops threats from entering your home network and prevents sensitive information from getting out.

But many of us aren't doing everything we can to make our routers as secure as possible. In this guide, we'll go through the ways you can improve your router security – and you may be pleasantly surprised at how simple some of them are.

Why make your router more secure?

It would be nice to think that the free router you were sent by your broadband provider comes with all the best security features built-in. Sadly, this is not the case. And while it’s easy to think cybercriminals will only focus their attention on big companies and governments, the truth is that any organisation or individual with weak online security can become a target.

If a criminal gains access to your home network, they won't just be using up your data to watch Netflix. Hackers could use this access to intercept your emails, see your banking details, and even access your smart home devices.

How to make your router more secure

The good news is that there are plenty of things you can do to make your router more secure, in addition to staying safe online generally.

Sort out your passwords and usernames

The golden rule when it comes to router passwords and usernames is never to leave them as the default. Pretty much any password you come up with yourself (we're trusting you not to go with "password123") is going to be better than the default password. This is because, although the default may look like a series of hard-to-guess letters and numbers, the chances are that many other routers of the same model share that password, making it easy to find online.

We're not just talking about the wifi password here. You should also change the password (and if there is one, username) for your router settings.

Default router login credentials by popular models

Router Model      | Default Username | Default Password
Netgear Nighthawk | admin            | password
TP-Link Archer    | admin            | admin
Linksys WRT       | admin            | admin
ASUS RT-AC68U     | admin            | admin

Turn off WPS, UPnP, and remote access

There are several features that tend to be switched on by default when your router arrives. But it may not always be in your best interest to leave these things switched on.

For example, Wifi Protected Setup (WPS) was introduced as a way of making it easier to connect new devices to a wifi network. There may be a WPS button on the front of your router – the idea is that you press that button and a button on another device simultaneously and they connect automatically. But WPS has a bad reputation for being insecure and is particularly vulnerable to hackers using a brute force attack, which bombards a device with attempts at guessing usernames and passwords.

Universal Plug and Play (UPnP) is a protocol designed to allow software and hardware to connect without the user having to manually configure the network. By disabling UPnP, you may find you'll have to manually set up port forwarding in order to play certain online games or use applications such as Skype, but you'll make your network less susceptible to malware attacks or hackers being able to access your router remotely.

Another simple step is to disable remote access. This is a feature that allows you to access your router's settings from outside your home. Ask yourself how often you will ever use this feature and whether it's worth the security risk.

Turn off PING responses

You can change your router settings to make sure your router is not responding to PING requests. This means that if someone is scanning for active devices, either for network testing purposes or something more sinister, your router will stay silent instead of responding with an echo reply.

Change your DNS

A DNS (domain name system) is responsible for changing the web address you type into the URL bar into an IP address. It's this process that gives you access to the website you wanted to visit. Well, most routers allow you to change the DNS server that you're using and even add additional servers, which can result in better speeds and build in resilience against outages. There are several free public DNS servers you can choose from. Google DNS and OpenDNS are two of the biggest.

Recommended DNS servers

Provider       | Primary DNS    | Secondary DNS
Google DNS     | 8.8.8.8        | 8.8.4.4
OpenDNS        | 208.67.222.222 | 208.67.220.220
Cloudflare DNS | 1.1.1.1        | 1.0.0.1

Use a guest network

Some basic router security advice here – set up a guest network. This means you can give visitors access to wifi without giving away your primary network password. Guest networks also stop users from accessing hardware connected to the network, unless you choose to change permissions.

It's also a good idea to connect smart home gadgets such as smart speakers, thermostats, and light bulbs via a guest network. This prevents hackers from exploiting security flaws in your smart devices to access your router.

Set a schedule for your network

You can schedule your home network to switch off at certain times of the day or night when you know no one will be using it. Unless you have smart home devices connected to it, this might be worth doing. If your network is disabled, it won't be visible to a hacker.

Filter MAC addresses

Every device you use to connect to your wifi has a media access control (MAC) address. By going into your router settings (most likely the advanced settings), you can tell your router to only allow network access to certain MAC addresses. Somewhere in your router settings (either on the home page or in a menu), there'll be a list of all the devices connected to your network. You can use this to grant or deny access to individual devices.

Common MAC Addresses by device type

Device Type    | Example MAC Address
Smartphone     | 00:1A:2B:3C:4D:5E
Laptop         | 11:22:33:44:55:66
Smart TV       | AA:BB:CC:DD:EE:FF
Gaming Console | 77:88:99:AA:BB:CC
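
If your router's device list is hard to read, you can run the same check from a computer on the network by comparing its ARP table with the MAC addresses you have allowed. This is an added example, not part of the original guide: the sample `arp -a` output and the allowlist are constructed, and the script also flags "private" (randomised) addresses, which many phones use and which will look like unknown devices to a MAC filter.

```python
import re

# Constructed sample: `arp -a` output in the three common layouts
# (Linux, macOS with leading zeros dropped, Windows with dashes).
SAMPLE_ARP = """\
router.lan (192.168.1.1) at 00:1a:2b:3c:4d:5e [ether] on wlan0
? (192.168.1.23) at 11:22:33:44:55:66 on en0 ifscope [ethernet]
? (192.168.1.40) at a:bb:c:dd:e:ff on en0 ifscope [ethernet]
  192.168.1.57          7a-88-99-aa-bb-cc     dynamic
? (192.168.1.99) at <incomplete> on wlan0
"""

# Hypothetical allowlist: the addresses you entered in the router's MAC filter.
ALLOWED = {"00:1A:2B:3C:4D:5E", "11:22:33:44:55:66", "0A:BB:0C:DD:0E:FF"}

MAC_RE = re.compile(r"(?<![0-9A-Fa-f:-])((?:[0-9A-Fa-f]{1,2}[:-]){5}"
                    r"[0-9A-Fa-f]{1,2})(?![0-9A-Fa-f:-])")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def normalise(mac):
    """Upper-case, colon-separated, zero-padded: 'a-bb' becomes '0A:BB'."""
    return ":".join(part.zfill(2) for part in re.split("[:-]", mac)).upper()


def is_randomised(mac):
    """True if the locally administered bit (0x02 of the first octet) is set,
    which is how per-network private addresses are marked."""
    return bool(int(mac[:2], 16) & 0x02)


def audit(arp_text, allowed):
    """Return (ip, mac, randomised) for every neighbour not on the allowlist."""
    allowed = {normalise(m) for m in allowed}
    findings = []
    for line in arp_text.splitlines():
        mac_match, ip_match = MAC_RE.search(line), IP_RE.search(line)
        if not (mac_match and ip_match):
            continue  # headers and <incomplete> entries carry no MAC
        mac = normalise(mac_match.group(1))
        if mac not in allowed:
            findings.append((ip_match.group(1), mac, is_randomised(mac)))
    return findings


if __name__ == "__main__":
    for ip, mac, randomised in audit(SAMPLE_ARP, ALLOWED):
        note = " (randomised address, may be your own phone)" if randomised else ""
        print(f"Not on allowlist: {ip} {mac}{note}")
```

To run it on a real network, replace `SAMPLE_ARP` with the text printed by `arp -a` and `ALLOWED` with your own list.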

Check for firmware updates

When was the last time you checked if your router's firmware was up-to-date? If yours is a relatively new router, it may be doing this automatically, but it's worth checking. It's the same principle as it is for your phone or your laptop – if you don't have the latest update, then your device probably isn't as secure as it could be. Head to your router settings to check for available downloads.

Use a strong antivirus and firewall

Most routers come with a built-in firewall that can be switched on or off. Log into your router settings and make sure yours is enabled. If you haven't already, it's also a good idea to install antivirus software with a built-in firewall, such as Norton or Bullguard.

Choose a good SSID/network name

Your SSID is the name that identifies your network. You should change this from the default name, but avoid choosing anything that identifies you or your address. If you head to your router settings, you may also be able to stop your router from broadcasting your SSID, so people will only be able to find it if they type it in. This step is particularly important for maintaining privacy.

Encryption

The information you send and receive over the internet is encrypted, which means if anyone other than the intended recipient looks at it, it'll be scrambled. There are three common encryption standards your router is likely to use, WEP, WPA and WPA2, and it may even offer WPA3.

  • Wired Equivalent Privacy (WEP) – This protocol has been around since 1999 and, despite being officially retired by the Wifi Alliance in 2004, is still widely used around the world. It uses radio waves, and it uses the same encryption key for every data packet transmitted. This makes it a fairly soft target for hackers.
  • Wifi Protected Access (WPA) – WPA is the protocol that replaced WEP. It scrambles its encryption key, so it doesn't suffer from the same problems but is now a legacy protocol and isn't the safest type of encryption around.
  • Wifi Protected Access 3 (WPA3) – This is the most up-to-date and secure type of encryption available. If WPA3 is an encryption option in your router settings, you should enable it.
  • Advanced Encryption Standard (AES) – The US government uses AES to protect classified information. On some newer routers, it is possible to enable Advanced Encryption Standard along with WPA3. If you can do this, it will significantly increase your network security.
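
To see which of these standards your network actually accepts, you can read the security column of a Wi-Fi scan from a Linux laptop. This is an added example, not part of the original guide: the scan text is a constructed sample of `nmcli -t -f SSID,SECURITY device wifi list` output, the terse format (fields split by `:`, a literal `:` escaped as `\:`, empty field for an open network) is an assumption, and the SSIDs are made up. A network in a mixed mode such as "WPA1 WPA2" still accepts the older standard, so the script reports the weakest mode on offer.

```python
import re

# Constructed sample of terse nmcli scan output (format assumed, see above).
SAMPLE_SCAN = (
    "HomeNet:WPA2 WPA3\n"
    "Cafe\\: Free WiFi:\n"
    "OldPrinter:WEP\n"
    "Flat 4:WPA1 WPA2\n"
    "Office:WPA2 802.1X\n"
)

# Weakest first. Tokens outside this table (e.g. 802.1X) are ignored.
RANK = {"OPEN": 0, "WEP": 1, "WPA1": 2, "WPA2": 3, "WPA3": 4}
LEGACY = {"OPEN", "WEP", "WPA1"}


def parse_scan(text):
    """Return {ssid: [modes]} from the terse scan output."""
    networks = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        # SECURITY never contains ':', so the last ':' is the field separator.
        ssid, _, security = line.rpartition(":")
        ssid = re.sub(r"\\(.)", r"\1", ssid)  # undo '\:' and '\\' escapes
        modes = [m for m in security.split() if m in RANK]
        networks[ssid] = modes or ["OPEN"]
    return networks


def audit_network(text, ssid):
    """Summarise one network: modes offered, weakest one, and two flags."""
    modes = parse_scan(text).get(ssid)
    if modes is None:
        return None  # SSID not seen in this scan (hidden or out of range)
    weakest = min(modes, key=RANK.get)
    return {
        "modes": modes,
        "weakest": weakest,
        "legacy_allowed": weakest in LEGACY,
        "wpa3": "WPA3" in modes,
    }


if __name__ == "__main__":
    for name in parse_scan(SAMPLE_SCAN):
        print(name, audit_network(SAMPLE_SCAN, name))
```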

Frequently asked questions

How do I check my router security?

Log into your router settings and look for 'security settings' in the menu. For the majority of routers, you need to type 192.168.1.1 into the address bar of your browser and then enter the router password supplied with your router. Some router settings include a traffic light system that tells you how secure your network and broadband connection are. Regularly reviewing and updating these settings is key to maintaining optimal security.

Do I need a firewall for my router?

Yes, your router should have a firewall to help prevent sensitive information from getting out and to stop threats from coming into your home network. Your router may already have a built-in firewall. You can find out by logging into your router settings. Ensure that it is enabled to provide an additional layer of security.

Can someone hack my wifi?

It is entirely possible that a hacker could target your wifi network for a number of reasons. By following the steps we've set out above, you can greatly reduce the risk that they'll even be able to find your wifi network in the first place. Regularly updating your router’s firmware and using strong, unique passwords for your network are crucial defenses against potential attacks.

Is someone using my wifi?

By logging into your router settings, you'll be able to see a list of all the devices that are connected to your wifi network. If there are any devices you don't recognise, you can simply deny them access. Be aware that old devices you haven't used in a while may still show as being connected to your network – it may not necessarily be a cheeky neighbour! Checking this list periodically can help you monitor for unauthorised access.

Is a router password the same as a wifi password?

No, a wifi password is what you enter in order to connect a device to a wifi network. A router password is what you'll be asked for in order to log into your router settings. Both should be strong and unique to prevent unauthorised access.

What should I do if I forget my router password?

If you forget your router password, you can reset your router to its factory settings, which will restore the default username and password. This is usually done by holding down the reset button on the router for about 10-15 seconds. Once reset, you can log in using the default credentials, but make sure to set a new, strong password immediately afterward.

What is the safest encryption for my router?

The safest encryption for your router is WPA3, the latest Wi-Fi security standard. It offers stronger security than its predecessors (WPA2, WPA) and provides enhanced protection against brute-force attacks. If WPA3 is available in your router settings, it is highly recommended to enable it.

How often should I update my router's firmware?

It is advisable to check for router firmware updates every few months. If your router doesn't automatically update its firmware, you should log in to your router settings to manually check for updates. Keeping your firmware up to date ensures that you have the latest security patches and performance improvements.

Can using a VPN increase my router's security?

Yes, using a VPN (Virtual Private Network) can significantly increase your router's security by encrypting all internet traffic that passes through the router. This adds an extra layer of privacy and protects against potential threats such as hackers and data snoopers. Some routers even allow you to install VPN software directly, securing all devices connected to the network.
