How to secure your Wi-Fi router
By Phil Wilkinson-Jones | Thursday, October 15th 2020
Your router is arguably the most important bit of tech in your house. It's your gateway to the wider online world, the device that stops threats from entering your home network and it's also the one that prevents sensitive information from getting out.
But many of us aren't doing everything we can to make our routers as secure as possible. In this guide we'll go through the ways you can improve your router security – and you may be pleasantly surprised at how simple some of them are.
Why make you router more secure?
It would be nice to think that the free router you were sent by your broadband provider comes with all of the best security features built-in. Sadly, this is not the case. And while its easy to think cyber criminals will only focus their attentions on big companies and governments, the truth is that any organisation or individual with weak online security can become a target.
If a criminal gets access to your home network, they won't just be using up your data to watch Netflix. Hackers could use this to intercept your emails, see your banking details and even access your smart home schedules.
How to make your router more secure
The good news is that there are plenty of things you can do to make your router more secure, in addition to staying safe online generally.
Sort out your passwords and usernames
The golden rule when it comes to router passwords and usernames is never to leave them as the default. Pretty much any password you come up with yourself (we're trusting you not to go with password123) is going to be better than the default password. This is because, although it may look like a series of hard-to-guess letters and numbers, the chances are many other models of the same router will share that password, making it easy to find online.
We're not just talking about the wifi password here. You should also change the password (and if there is one, username), for your router settings. If you need help accessing these, check out our router settings guide.
Turn off WPS, UPnP and remote access
There are a number of features that tend to be switched on by default when your router arrives. But it may not always be in your best interest to leave these things switched on.
For example, Wifi Protected Setup (WPS) was introduced as a way of making it easier to connect new devices to a wifi network. There may be a WPS button on the front of your router – the idea is that you press that button and a button on another device simultaneously and they connect automatically. But WPS has a bad reputation for being insecure and is particularly vulnerable to hackers using a brute force attack, which bombards a device with attempts at guessing usernames and passwords.
Universal Plug and Play (UPnP) is a protocol designed to allow software and hardware to connect without the user having to manually configure the network. By disabling UPnP you may find you'll have to manually set up port forwarding in order to play certain online games or use applications such as Skype, but you'll make your network less susceptible to malware attacks or hackers being able to access your router remotely.
Another simple step is to disabled remote access. This is a feature that allows you to access your router's settings from outside your home. Ask yourself how often you will ever use this feature and whether it's worth the security risk.
Turn off PING responses
You can change your router settings to make sure your router is not responding to PING requests. This means that if someone is scanning for active devices, either for network testing purposes or something more sinister, your router will stay silent instead of responding with an echo reply.
Change your DNS
A DNS (domain name system) is responsible for changing the web address you type into the URL bar into an IP address. It's this process that gives you access to the website you wanted to visit. Well, most routers allow you to change the DNS server that you're using and even add additional servers, which can result in better speeds and builds in resilience against against outages. There are a number of free public DNS servers you can choose from. Google DNS and OpenDNS are two of the biggest.
Use a guest network
Some basic router security advice here – set up a guest network. This means you can give visitors access to wifi without giving away your password. Guest networks also stop users from accessing hardware connected to the network, unless you choose to change permissions.
It's also a good idea to connect smart home gadgets such as smart speakers, thermostats and light bulbs via a guest network. This prevents hackers from exploiting security flaws in your smart devices in order to access your router.
Set a schedule for your network
You can schedule your home network to switch off at certain times of the day or night when you know no-one's going to be using it. Unless you have smart home devices connected to it, then this might be worth doing. If you're network is disabled, it won't show to a hacker.
Filter MAC addresses
Every device you use to connect to your wifi has a media access control (MAC) address. By going into your router settings (most likely the advanced settings), you can tell your router to only allow network access to certain MAC addresses. Somewhere in your router settings (either on the home page or in a menu) there'll be a list of all the devices connected to your network. You can use this to grant or deny access to individual devices.
Check for firmware
When was the last time you checked if your router's firmware was up-to-date? If yours is a relatively new router it may be doing this automatically, but it's worth checking. It's the same principal as it is for your phone or your laptop – if you don't have the latest update, then your device probably isn't as secure as it could be. Head to your router settings to check for available downloads.
Use a strong antivirus and firewall
Most routers come with a built-in firewall that can switched on or off. Log into your router settings and make sure yours is enabled. If you haven't already, it's also a good idea to install an antivirus with built-in firewall, such as Norton or Bullguard.
Choose a good SSID/network name
Your SSID is the name that identifies your network. You should change this from the default name, but avoid choosing anything that identifies you or your address. If you head to your router settings, you may also be able to stop your router from broadcasting your SSID, so people will only be able to find it if they type it in.
The information you send and receive over the internet is encrypted, which means if anyone other than the intended recipient looks at it, it'll be scrambled. There are three common encryption standards your router is likely to use: WEP, WPA and WPA2.
- Wired Equivalent Privacy (WEP) – This protocol has been around since 1999 and despite being officially retired by the Wifi Alliance in 2004, is still widely used around the world. It uses radio waves and for every data packet transmitted, it uses the same encryption key. This makes it a fairly soft target for hackers
- Wifi Protected Access (WPA) – WPA is the protocol that replaced WEP. It scrambles its encryption key so doesn't suffer from the same problems but is now a legacy protocol and isn't the very safest type of encryption around
- Wifi Protected Access 2 WPA2) – This is the most up-to-date and secure type of encryption available. If WPA2 is an encryption option in your router settings, you should enable it
- Advanced Encryption Standard – The US government uses AES to protect classified information. On some newer routers, it is possible to enable Advanced Encryption Standard as well as WPA2. If you can do this, you probably should
Frequently asked questions
How do I check my router security?
Log into your router settings and look for 'security settings' in the menu. Some routers settings include a traffic light system that tells you how secure your network and broadband connection is.
Do I need a firewall for my router?
Yes, your router should have a firewall to help sensitive information from getting out and to stop threats from coming in to your home network. Your router may already have a built-in firewall. You can find out by logging into your router settings.
Can someone hack my wifi?
It is entirely possible that a hacker could target your wifi network for a number of reasons. By following the steps we've set out above, you can greatly reduce the risk that they'll even be able to find your wifi network in the first place.
Is someone using my wifi?
By logging into your router settings, you'll be able to see a list of all the devices that are connected to your wifi network. If there are any devices you don't recognise, you can simply deny them access. Be aware that old devices you haven't used in a while may still show as being connected to your network – it may not necessarily be a cheeky neighbour!
Is a router password the same as a wifi password?
No, a wifi password is what you enter in order to connect a device to a wifi network. A router password is what you'll be asked for in order to log into your router settings.