In today’s hyper-connected world, your WiFi router is one of the most critical tools for protecting your personal data.
As the gateway for emails, video calls, and a myriad financial transactions, it can be a prime target for cybercriminals. And, if you work remotely from home, any sensitive corporate documents that flow into and out of your WiFi network can make for a tempting target, too.
The risks are real: Hackers thousands of miles away can exploit software vulnerabilities to compromise devices, steal information, or turn your connected gadgets into unwitting participants in a sweeping botnet attack.
The good news? Strengthening your home’s WiFi security doesn’t require an IT degree. By following a few straightforward steps, you can significantly reduce the risks and better protect your digital life.Turn On Automatic Updates
Router manufacturers typically release software updates throughout the year to address security threats, fix bugs, and improve performance.
The easiest way to make sure your router always has the latest, safest software is to activate the automatic firmware update feature available on many of today’s models.
Newer routers make this relatively easy through a companion mobile app.
For other routers, you’ll need to look in the device’s settings. You can do that by opening a web browser and typing in the device’s IP address. Very often, the address is 192.168.0.1 or 192.168.1.1. But this varies by brand. So consult the owner’s manual or do an online search for the customer support pages for your router model.
If your router doesn’t provide automatic updates, you’ll have to periodically download and install the new firmware from the manufacturer’s website yourself.
Richard Fisco, who oversees electronics testing at Consumer Reports, says that to be safe you should check for new updates at least every three months.
You can also see if there’s a way to get security notices via email from the router’s manufacturer when new software is available. Many brands offer that as an option during the online product registration process.
Manufacturers do eventually stop releasing new software for older models, though. The routers may lack the memory or processing power needed to run the software effectively. The manufacturer may lose access to support from a component supplier. And companies in the business of selling things do need to shift focus to newer models.
“If you find your router is no longer getting updates, it’s too risky to keep using it,” Fisco says. “Verify its status with the manufacturer, and if it has reached the ‘end of life’ stage, buy a new router.”
One relatively inexpensive router that supports automatic firmware updating is the Netgear Nighthawk AX3000, which costs around $175 and features three units—a hub and two satellites—that work together as a mesh router system to spread WiFi more evenly throughout your home.
Other recommended models include the TP-Link Deco XE75 Pro and Google Nest WiFi.
Turn Off Features You Don’t Use
Modern routers come with many handy features that help you manage your WiFi network, but some create weak spots in your defenses.
So when you’re logged in to your router’s settings, take a minute to review applications that could present opportunities for hackers.
If you don’t use Remote Administration (also known as Remote Management or web access from WAN), make sure it’s turned off. This denies access to the router’s control panel from outside your home network. In most routers, the feature is off by default, but you should confirm this by going to the advanced or administration section of the settings menu.
Disable Universal Plug-and-Play (UPnP), which many home routers have enabled by default. UPnP can help devices on your home network connect to each other, but the added convenience isn’t worth the security risk. This feature can make it easier for malware to spread through your network.
To disable UPnP, log in to your router like you would when changing your password (see below). Find the “tools,” “advanced,” or “advanced networks” menu. From there, make sure the “Enable UPnP” box is unchecked.
And last, if you have a guest network without a password, disable it. You don’t want unwanted guests using it without permission.Use Strong Passwords
There are two crucial passwords on your router: one for the device itself, which you use to log into the admin portal to do things like update settings, and one for the WiFi network created by the router.
You should change both passwords as soon as you set up the router.
Routers typically ship with default passwords used to set up the device. At times, they’re even printed on a label on the router itself. For convenience, the default passwords for lots of routers also appear online—and a password that’s easy for anyone to find is no help at all.
With a little online sleuthing, a hacker could use a default password to access your network and potentially control your router. If that were to happen, the hacker could change your passwords, spy on you, or access the files on a network-attached hard drive.
The settings and connection passwords can both be changed via the router’s mobile app or the settings page (aka 192.168.1.1).
Make sure the passwords you create are strong and unique—that is, different from one another and from any other password you use. They should have at least a dozen characters, with seemingly random upper- and lowercase letters, numbers, and symbols. To keep track of them, you might also consider using a password manager.Change the Default SSID to Something Impersonal
Lastly, you’ll want to change the default name of your WiFi network, also known as the SSID. Leaving the default in place can reveal your router’s make and model, potentially helping hackers break into it—especially if you haven’t changed the default passwords as well.
And rather than change the name of the network to something that can be linked to you (“De Leon Family WiFi,” for example), you should instead give it more of a generic name, says Steve Blair, who oversees digital security testing for Consumer Reports.
Choosing a personal SSID can make it easier for hackers and other ne’er-do-wells to carry out hyper-personalized phishing attacks designed to steal your personal information. “It’s easier than you think,” he adds, ”especially with sites like Wigle,” which lists crowdsourced WiFi network information.
You can even tell your router not to broadcast the SSID at all. Once you do that, any device that has never been connected to your WiFi won’t be able to “see” the network.
To connect to the WiFi via a new device, you have to manually input the network name, instead of selecting it from a list of nearby options. But what is at most a minor inconvenience for you—how often do you connect new devices to your WiFi?—essentially makes your network invisible to would-be hackers.
Use WPA3
Security protocols for routers improve over time, which means the old ones get outdated.
Among other things, the latest standard, known as WPA3, encrypts your WiFi connection, making it harder for cybercriminals to guess your WiFi password using hacking tools that automatically cycle through tens of thousands of possibilities, says Kevin Robinson, vice president of marketing at the WiFi Alliance, which oversees the standard.
WPA3 has been a mandatory inclusion for WiFi-certified devices since 2020. So if your router is reasonably new, it should be supported.
If your router doesn’t support WPA3, use the previous standard, known as WPA2-AES.
Routers that can’t use WPA2 should be replaced, according to Fisco, because they’re simply not equipped to handle today’s threats.