Securing Your Home Wi-Fi Router

Step 1: change the admin login

Default admin credentials for most popular routers are listed on public databases. Open the router admin page (usually 192.168.0.1 or 192.168.1.1), set a strong unique password, and save it in your password manager.

Step 2: pick the right Wi-Fi security

Set encryption to WPA3 if every device on your network supports it; otherwise WPA2 with AES. Avoid WEP and ‘open’ networks. Use a long passphrase — three random words plus numbers is plenty.

Step 3: update the firmware

Most modern routers can auto-update; turn it on. If yours can’t, mark a calendar reminder for every three months. Old firmware is the most common router weakness.

Step 4: disable risky features

Turn off WPS (the easy-pair button) — it has known weaknesses. Turn off remote management unless you actively use it. Disable UPnP if you can — it punches holes in the firewall automatically.

Step 5: separate guests and IoT

Enable the guest network feature. Put visitors’ phones, smart speakers, and smart bulbs on it. If one of those is compromised, it can’t reach your laptop or NAS.

Frequently asked questions

Should I hide my SSID?

It doesn’t add real security — devices can find ‘hidden’ networks easily — and it complicates connecting. Skip it.

Is MAC filtering useful?

Slightly, against casual neighbours. Determined attackers can spoof MAC addresses. WPA3 is the bigger win.

Do I need a separate VLAN for IoT?

A guest network is good enough for most homes. VLANs are for users who already understand them.

Related guides