Dan Howdle September 3rd, 2024
Your router is arguably the most important bit of tech in your house. It's your gateway to the wider online world, the device that both stops threats from entering your home network and prevents sensitive information from getting out.
But many of us aren't doing everything we can to make our routers as secure as possible. In this guide, we'll go through the ways you can improve your router security – and you may be pleasantly surprised at how simple some of them are.
It would be nice to think that the free router you were sent by your broadband provider comes with all the best security features built-in. Sadly, this is not the case. And while it’s easy to think cybercriminals will only focus their attention on big companies and governments, the truth is that any organisation or individual with weak online security can become a target.
If a criminal gains access to your home network, they won't just be using up your data to watch Netflix. Hackers could use this access to intercept your emails, see your banking details, and even access your smart home devices.
The good news is that there are plenty of things you can do to make your router more secure, in addition to staying safe online generally.
The golden rule when it comes to router passwords and usernames is never to leave them as the default. Pretty much any password you come up with yourself (we're trusting you not to go with "password123") is going to be better than the default password. This is because, although it may look like a series of hard-to-guess letters and numbers, the chances are many other models of the same router will share that password, making it easy to find online.
We're not just talking about the wifi password here. You should also change the password (and if there is one, username) for your router settings.
Router Model | Default Username | Default Password |
---|---|---|
Netgear Nighthawk | admin | password |
TP-Link Archer | admin | admin |
Linksys WRT | admin | admin |
ASUS RT-AC68U | admin | admin |
There are several features that tend to be switched on by default when your router arrives. But it may not always be in your best interest to leave these things switched on.
For example, Wifi Protected Setup (WPS) was introduced as a way of making it easier to connect new devices to a wifi network. There may be a WPS button on the front of your router – the idea is that you press that button and a button on another device simultaneously and they connect automatically. But WPS has a bad reputation for being insecure and is particularly vulnerable to hackers using a brute force attack, which bombards a device with attempts at guessing usernames and passwords.
Universal Plug and Play (UPnP) is a protocol designed to allow software and hardware to connect without the user having to manually configure the network. By disabling UPnP, you may find you'll have to manually set up port forwarding in order to play certain online games or use applications such as Skype, but you'll make your network less susceptible to malware attacks or hackers being able to access your router remotely.
Another simple step is to disable remote access. This is a feature that allows you to access your router's settings from outside your home. Ask yourself how often you will ever use this feature and whether it's worth the security risk.
You can change your router settings to make sure your router is not responding to PING requests. This means that if someone is scanning for active devices, either for network testing purposes or something more sinister, your router will stay silent instead of responding with an echo reply.
A DNS (domain name system) is responsible for changing the web address you type into the URL bar into an IP address. It's this process that gives you access to the website you wanted to visit. Well, most routers allow you to change the DNS server that you're using and even add additional servers, which can result in better speeds and build in resilience against outages. There are several free public DNS servers you can choose from. Google DNS and OpenDNS are two of the biggest.
Provider | Primary DNS | Secondary DNS |
---|---|---|
Google DNS | 8.8.8.8 | 8.8.4.4 |
OpenDNS | 208.67.222.222 | 208.67.220.220 |
Cloudflare DNS | 1.1.1.1 | 1.0.0.1 |
Some basic router security advice here – set up a guest network. This means you can give visitors access to wifi without giving away your primary network password. Guest networks also stop users from accessing hardware connected to the network, unless you choose to change permissions.
It's also a good idea to connect smart home gadgets such as smart speakers, thermostats, and light bulbs via a guest network. This prevents hackers from exploiting security flaws in your smart devices to access your router.
You can schedule your home network to switch off at certain times of the day or night when you know no one will be using it. Unless you have smart home devices connected to it, this might be worth doing. If your network is disabled, it won't show to a hacker.
Every device you use to connect to your wifi has a media access control (MAC) address. By going into your router settings (most likely the advanced settings), you can tell your router to only allow network access to certain MAC addresses. Somewhere in your router settings (either on the home page or in a menu), there'll be a list of all the devices connected to your network. You can use this to grant or deny access to individual devices.
Device Type | Example MAC Address |
---|---|
Smartphone | 00:1A:2B:3C:4D:5E |
Laptop | 11:22:33:44:55:66 |
Smart TV | AA:BB:CC:DD:EE:FF |
Gaming Console | 77:88:99:AA:BB:CC |
When was the last time you checked if your router's firmware was up-to-date? If yours is a relatively new router, it may be doing this automatically, but it's worth checking. It's the same principle as it is for your phone or your laptop – if you don't have the latest update, then your device probably isn't as secure as it could be. Head to your router settings to check for available downloads.
Most routers come with a built-in firewall that can be switched on or off. Log into your router settings and make sure yours is enabled. If you haven't already, it's also a good idea to install antivirus software with a built-in firewall, such as Norton or Bullguard.
Your SSID is the name that identifies your network. You should change this from the default name, but avoid choosing anything that identifies you or your address. If you head to your router settings, you may also be able to stop your router from broadcasting your SSID, so people will only be able to find it if they type it in. This step is particularly important for maintaining privacy.
The information you send and receive over the internet is encrypted, which means if anyone other than the intended recipient looks at it, it'll be scrambled. There are three common encryption standards your router is likely to use: WEP, WPA, WPA2, or even WPA3.
Cable.co.uk's broadband postcode checker will find you the best deals, providers and speeds where you live. It's free and takes less than a minute to check and compare.
Log into your router settings and look for 'security settings' in the menu. For the majority of routers, you need to type 192.168.1.1 into the address bar of your browser and then enter the router password supplied with your router. Some router settings include a traffic light system that tells you how secure your network and broadband connection is. Regularly reviewing and updating these settings is key to maintaining optimal security.
Yes, your router should have a firewall to help prevent sensitive information from getting out and to stop threats from coming into your home network. Your router may already have a built-in firewall. You can find out by logging into your router settings. Ensure that it is enabled to provide an additional layer of security.
It is entirely possible that a hacker could target your wifi network for a number of reasons. By following the steps we've set out above, you can greatly reduce the risk that they'll even be able to find your wifi network in the first place. Regularly updating your router’s firmware and using strong, unique passwords for your network are crucial defenses against potential attacks.
By logging into your router settings, you'll be able to see a list of all the devices that are connected to your wifi network. If there are any devices you don't recognise, you can simply deny them access. Be aware that old devices you haven't used in a while may still show as being connected to your network – it may not necessarily be a cheeky neighbour! Checking this list periodically can help you monitor for unauthorised access.
No, a wifi password is what you enter in order to connect a device to a wifi network. A router password is what you'll be asked for in order to log into your router settings. Both should be strong and unique to prevent unauthorised access.
If you forget your router password, you can reset your router to its factory settings, which will restore the default username and password. This is usually done by holding down the reset button on the router for about 10-15 seconds. Once reset, you can log in using the default credentials, but make sure to set a new, strong password immediately afterward.
The safest encryption for your router is WPA3, the latest Wi-Fi security standard. It offers stronger security than its predecessors (WPA2, WPA) and provides enhanced protection against brute-force attacks. If WPA3 is available in your router settings, it is highly recommended to enable it.
It is advisable to check for router firmware updates every few months. If your router doesn't automatically update its firmware, you should log in to your router settings to manually check for updates. Keeping your firmware up to date ensures that you have the latest security patches and performance improvements.
Yes, using a VPN (Virtual Private Network) can significantly increase your router's security by encrypting all internet traffic that passes through the router. This adds an extra layer of privacy and protects against potential threats such as hackers and data snoopers. Some routers even allow you to install VPN software directly, securing all devices connected to the network.