There is a very good chance that you’re reading this article from home. If you are, there is also an excellent chance that you’re connected to the internet via a home Wi-Fi network.
While home wireless networks are arguably a must-have in today’s world, since so many devices use the internet, a Wi-Fi network also presents its own particular set of security risks.
Home network security risks run the gamut from promiscuous password sharing, to weak passwords, to opportunistic hackers exploiting the fact that you didn’t set a new password on your router when you set it up. This means all Wi-Fi router owners need to take steps to better protect the security of their home Wi-Fi, as well as the devices that connect to it.
Luckily, many of the steps you can take to keep the bad guys out take only a few moments each to put in place, making it a simple matter to protect yourself and your Wi-Fi network from the bad actors of the world.
1) Change Your Router’s Administrator Login and Password
Every Wi-Fi router you purchase will have a default administrator login and password. These are intended to allow you to access the router’s settings after plugging it in for the first time, and should be changed immediately after gaining access.
Why is this important? Because if you leave the admin login and password the same as it came out of the box, anyone who connects to your Wi-Fi network can access your router’s settings console and make changes to your network. This includes everyone from hackers to your impetuous and computer-savvy 8-year-old.
Default admin logins for various router makes and models are available in multiple places on the internet (just Google your router model and “admin password”), and I’d venture to say that most routers have it printed somewhere on the router itself. (Look on the back or bottom of your router, and you’ll probably find it. And there is a good chance that the password is “password.”)
By changing your Wi-Fi router’s admin password to something secure and known only to you, you’ll ensure that no one else has access to your router’s settings.
A secure password is generally considered to be a random combination of letters, numbers, and special characters, at least 12 characters long. While “[email protected]&YXxd23” is tougher to remember than your favorite pet’s name or your spouse’s middle name, it’s also a heckuva lot tougher to guess.
If you have trouble remembering the password, write it down on a sticky note and put it in a safe, or save it in a virtual vault, like a password manager.
Be sure to change your administrator password regularly. This reduces the chances of hackers guessing your password and taking control of your network.
2) Play It Smart With Your Wi-Fi Password
Change Your Wi-Fi Network Password
You’ll also want to set a Wi-Fi network password to keep unauthorized folks off of your network. This is something else that you’ll want to do immediately after plugging it in. (The Wi-Fi security network password is the one that users enter when they attempt to connect to your network.)
Your Wi-Fi router may come out of the box with either no Wi-Fi network password, or a default password. Either way, it’s up to you to set a strong password. Just like your admin password, it’s essential to make your network password as secure as possible. Your Wi-Fi password is also a good candidate for saving in a virtual vault in a password manager.
Once you’ve set a new network password, change it regularly. While this means you’ll also have to change the password on all of your connected home devices, it will be worth it in the long run, as you’re reducing the chances that a bad guy will guess it and break into your network.
Never Give Your Wi-Fi Password to an Outsider
When you have visitors in your home, such as relatives, friends and friends of your offspring, they may ask to use your Wi-Fi network. When that happens, don’t write the password down for them. Instead, spell out the password for them, or better yet, offer to enter the password for them.
Other visitors, such as repairmen, salespeople and others do not need your Wi-Fi password. Their employer should provide network devices with a data plan for their use. A plumber has no need for your Wi-Fi password. Well, unless he’s installing your new internet-enabled bidet, then he might need it for testing.
3) Change the Network Name
Your router also comes out of the box with a default network name, called an “SSID.”
While this makes life easy for the router manufacturer, it also makes life easy for hackers, as they can look up the SSID on the web and discover the default admin login information, and the default Wi-Fi password. (Luckily, we’ve already changed both of those. Right? Right?)
When changing your Wi-Fi Router’s SSID, you can be as clever as you’d like, but I strongly recommend not including any identifying information, such as your name, address or phone number.
I usually name my SSID something like “FBI-VAN75,” or “YouKidsGetOffMyLAN.” Currently, one of my Internet routers has an SSID of “TellMyWi-FiLoveHer.” That was my wife’s idea, she has a great sense of humor. But that’s obvious, I mean, she married me, right?
A name like “FBI-VAN75” will make outsiders think twice about connecting to your network. (And possibly make them think twice about some of their life choices.)
Try to avoid making political statements or challenges to hackers, like “ComeHackMeDude.” You’ll also want to keep it clean – don’t use offensive language. (Using double entendres is up to you.) Remember, unless you hide your Wi-Fi network (more about that later), your neighbors will likely see your Wi-Fi signal.
4) Make Sure Your Network Uses the Strongest Wi-Fi Encryption
Encryption is best described as a protective tunnel around your Wi-Fi connection, which prevents your network-related activities from being monitored.
This keeps outsiders from stealing your important information. This is especially important when you’re using your connection to shop online, do your banking online or pay bills online.
However, hackers have no problem in defeating weak encryption, and that’s why it is vitally important to make sure your network is using the strongest Wi-Fi encryption available.
As you can see in the screenshot above, there are multiple types of protection that you can use on a Wi-Fi network. The available types of protection will vary according to the brand and age of your router. Older routers will generally use weaker forms of encryption.
As shown above, my Internet router offers three options for protection. Of the three, the one I use, WPA2-PSK [AES], offers the best protection. This option uses the AES cipher to protect the network transmissions, and the encryption method is impossible to crack.
5) Hide Your Wi-Fi Network
You can also hide your Wi-Fi network from users by turning off your router’s SSID broadcasting.
While all of the devices that have previously connected to your Wi-Fi network will still connect, other devices and users will no longer see your network in a list of surrounding Wi-Fi networks. (Some lists may show an entry for “Hidden Network,” but users will not be able to connect without the real network name.)
One drawback of hiding your wireless network is that when you’re adding new devices to the network, they won’t see the network to connect to it. However, some devices will allow you to enter a network name manually, or you can simply enable the SSID broadcast long enough to connect the new device, and then disable it once you’ve connected.
While the jury is still out on whether disabling your network’s SSID broadcast actually makes it more secure, it does at least prevent visitors from seeing your network and asking to connect to it.
While an experienced hacker with the right tools can still sniff the traffic from your router and eventually determine the SSID, it adds another step to the process, and it might cause a hacker to move on to a more appealing target.
6) Set Up a “Guest Network” on Your Router
If you want to offer your guests access to your internet access point while keeping them away from the resources on your home Wi-Fi network, you can set up a guest network.
A guest network allows users to connect to the internet without accessing your network’s devices, storage, or other equipment, like printers. (Let them go home and use their own paper and printer ink, right?)
You can still require a password to use the guest connection, and I recommend making it a different password than the one used for your internal Wi-Fi network – otherwise, savvy users might try the password on your private network.
7) Disable Plug ‘n Play
Universal Plug ‘n Play is a critical element of the Internet of Things. UPnP allows devices in your home (devices like smart appliances, smart speakers and other connected devices) to discover the network and communicate with their manufacturer to download firmware updates and other information.
Unfortunately, Universal Plug ‘n Play also opens the door to hackers. A worm or malware program can use UPnP to compromise the wireless security of your wireless local area network
. Hackers have used the flaws in UPnP to infect smart household devices and enlist them into botnets, which are then used to commit a DDoS attack by sending an overload of requests against a server or network.
Once an Internet of Things device is connected, disable Universal Plug ‘n Play.
8) Turn Off Remote Management
I strongly recommend that you always have remote management disabled.
While remote management allows you to access your Wi-Fi network’s router management console over the internet from a remote location, it also opens that same access to other folks, such as hackers. Only allow access from inside your network.
9) Limit the Use of Wi-Fi Protected Setup (WPS)
Wi-Fi Protected Setup (WPS) makes adding new devices to your network much easier. However, it also makes hackers’ lives much more comfortable.
WPS uses one of two methods to get a new device to recognize and connect to a network. If your router has a button on the back of it (or a virtual button you can click in the browser, as seen below), pushing it will send a signal to the device, adding it to the network and passing along login credentials, so no need for a password.
Or, you can also use an eight-character numeric code entered into the network settings on the device. The code method is easy to crack.
If you use WPS to add devices to your network, use the WPS button if at all possible. Turn off the WPS code functionality and only use the WPS button. If a button isn’t available, I recommend turning off WPS completely.
10) Keep Your Router Firmware Updated
Much like the operating system on your computer or mobile device, a router’s firmware is what operates the router and sets the rules that the router runs by. The firmware rules all of a router’s online security settings and operation.
And, just like your computer’s operating system, a router’s firmware will be updated by the manufacturer from time to time. However, you can also manually update the firmware, just to make sure you actually have the latest version of the firmware.
Most routers will offer a method of downloading and automatically updating the firmware, as seen above. The process usually takes only a few minutes, depending on your router and the speed of your internet connection.
By updating your router’s firmware, you can ensure that your router is protected against any bugs and security holes that may have been discovered in the past.
11) Enable Your Router’s Firewall
If your router has a firewall, enable it. This helps to block unrequested traffic from outside of your network.
If a firewall setting is available, it’s likely in the advanced settings of your router’s console. If you can’t find the firewall settings, visit the support section of the router manufacturer’s website for more information.
Even better to use a hardware firewall but these are less common in the home environment.
Many router consoles will display a list or diagram showing all of the devices connected to your router. Check this periodically, and if you see any devices you don’t recognize, block them from the network.
13) Check Port 32764 to Find Out If It’s Open
In 2014, it was discovered that the firmware used in certain routers ran a process that listened at port 32764. Any open port can allow hackers entry to your network, and they can then cause havoc on the router or your network.
Affected routers include hardware from a supplier called SerComm. Many router manufacturers, including Cisco, Netgear, Linksys, and Diamond, are customers of SerComm. Check here to find out if your router is on the list of known affected routers.
You can also check to see if port 32764 is open by visiting this website. If it is open, contact your router manufacturer for assistance. While you can manually close this, or other open ports, on your router, they can be reopened without your knowledge. If the router company can’t provide a security patch to remedy this issue, get another router from a different company.
14) Don’t Install Software From Untrusted Sources
This pertains to the devices that connect to your Wi-Fi network. Never install software or copy files from untrusted or unknown sources. Pirated copies of software and other files will sometimes include viruses or malware.
Be careful when sharing and downloading files via BitTorrent or when downloading files from the internet.
15) Keep All of Your Devices Updated
Make sure all of the devices that connect to your Wi-Fi network are updated. This includes computers, mobile devices, game consoles, smart TVs, streaming boxes, security cams and even that internet-connected refrigerator you’re so proud of.
Updating your computers, mobile devices and other connected devices will help ensure that the devices are running the latest version of the software, which often includes fixes for security issues.
Most computer and mobile operating systems can be set to update automatically. If your device’s operating system doesn’t offer auto-update functionality, be sure to check from time to time to see if updates are available.
Most other connected devices will also offer updates. Some devices, such as Wi-Fi-enabled security cameras, doorbells, smart speakers and other devices may require you to check in the app you use to control the device.
16) Install Antivirus Software and Anti-Malware Apps on Your Devices
Always run antivirus software and anti-malware apps on your devices. Internet security software protects your computer and mobile devices from becoming infected by malicious software that hackers can use to access your Wi-Fi network from inside.
For more information about Internet security software, in particular antivirus software and malware protection, read my article here.
17) Use a VPN
A Virtual Private Network (VPN) is usually used on your connected devices, including computers, mobile devices, some smart TVs and more.
A VPN is designed to encrypt your internet connection, preventing outside parties (like your ISP, the government and hackers) from monitoring your online activities. A VPN can also open access to online content that might usually be unavailable in your region of the world.
A VPN can be set up to run on your Wi-Fi router. By running a VPN on your router, you can protect all of your connected devices, even those that normally couldn’t benefit from VPN protection, such as streaming boxes, game consoles, and of course your internet-connected refrigerator.
A Wi-Fi-based VPN encrypts the traffic of all of your connected network devices, ensuring that even if a hacker breaks into your router, your actual internet traffic is still protected due to the VPN’s encrypted tunnel of protection.
Find the best VPN for your router.
18) Place Your Wi-Fi Router In the Middle of Your Home
I can imagine that some of you have a “dog watching a card trick” look on your face after reading the headline above. “How can putting my Wi-Fi router in the middle of my house help make my network more secure?” I’m glad you asked.
When your internet service provider installed your internet pipeline, they likely installed the connection outlet on an outside wall. There’s nothing wrong with this, and it actually makes sense, as outside walls are easier to access than running the cable underneath the house, or routing it through an attic or crawlspace.
This likely also means that your Wi-Fi router is located on that same outside wall, as that puts it near the cable or DSL modem. But, this also means that you’re sending half your Wi-Fi signal out into the world, allowing outsiders to pick up on the signal from the sidewalk or the road beyond. This opens you up to “drive-by” hacking from outside your home.
By moving your Wi-Fi router to the center of your home, you can limit access from the street, and you may actually provide better Wi-Fi coverage inside the home, since you’ve centralized its location.
This will require you to run an extra ethernet cable to the new location, and we’re back to running cable through the attic or crawlspace. If you’re not heavily into the whole aesthetics thing, you can just run the cable under rugs or along baseboards. It’s up to you as to how much effort you want to put into the whole thing.
This option, and the next one I’m about to tell you about, may seem a bit odd, but I wanted to make sure you had every option at hand to protect your Wi-Fi network.
19) Turn Your Home Into a Faraday Cage
Once upon a time, I lived in sunny Southern California in a house that became known as “where cellular signals go to die.” The area I lived in had decent cellular service. However, once you stepped a few feet into my home, your bars would drop to zero.
I eventually found out that the older home I lived in included chicken wire in its list of construction materials. (The chicken wire was used inside the outside walls of the home.) The metal chicken wire prevented the cell phone signals from passing through the walls, killing any chance of successful cellular-based communications.
The chicken wire in the old house created what is called a Faraday Cage. A Faraday Cage (also known as a Faraday Shield) is an enclosure designed to block electromagnetic fields, like those used by a cell phone or your Wi-Fi router.
This option is likely best left to users who are planning to build a new home or remodel an existing one, as tearing out your walls to put in chicken wire or metal bars is likely too extreme for even the most enthusiastic home network security aware user.
However, there are other ways to reduce the amount of Wi-Fi signal leaking from your home.
If you’re planning on refreshing your home’s exterior look, you can use aluminum siding to help block Wi-Fi signals and give your home that fabulous 1960’s look. You can also hang window curtains that contain metallic thread, or paint your interior walls using EMF shielding paint.
While all of these will help block your Wi-Fi signal from escaping your home (and possibly prevent aliens from monitoring your brainwaves as you sleep), be advised that it will also reduce the bars on your cell phone. So these suggestions are best left to homeowners that are heavily into privacy (or tin foil hats).
20) Turn Off Your Wi-Fi Network When Away From Home
If you’re going to be away from home for long periods, you can simply unplug your Wi-Fi router. This has the double benefit of preventing hackers from playing on your network while you’re not around and preventing the router from being damaged by power surges.
However, this also prevents you from checking on your home (and cats) by remotely accessing your internet-connected security cams. And as for the power surge issue, why aren’t you using a power surge protector? UGH!
21) Set Up a Separate Wi-Fi Network for Internet of Things Devices
Internet of Things (IoT) devices (smart TVs, Alexa and Google smart speakers, security and nanny cams, and yes, the internet-connected refrigerator) continue to find their way into our homes and onto our Wi-Fi networks.
Unfortunately, IoT home devices are a proven way for bad guys to get into your Wi-Fi network. Numerous news reports offer up accounts of bad guys monitoring nanny cams and even talking to the children through them (YUCK!). Other news reports include hackers using IoT devices to form a botnet to conduct denial of service attacks against various online targets.
One solution for this is to set up a separate Wi-Fi network for your IoT devices, keeping them separate from the network used for your computers, tablets and phones. This will allow you to enjoy the benefits of IoT devices, while protecting your main Wi-Fi network from hacker attacks.
Stay Safe, My Friends
As I write this, the world is currently in the throes of the COVID-19 virus pandemic, with millions of folks forced to work (and play) from home. This makes safe, secure and reliable access to the internet a must.
Luckily, users don’t have to be tech experts to implement these basic security precautions of their home wireless networks. Most of the above solutions require little to no financial outlay. (Well, except for totally remodeling your home, and even I think that’s a bit too extreme.)
I believe I have covered all of the steps users can take to protect their Wi-Fi networks from hackers and folks looking to take a free ride on the user’s dime. But, if I’ve overlooked any ideas that are working for you, please leave a message in the comments section to share your knowledge with other readers.
Wi-Fi Home Network FAQ
Do You Have to Have an Internet Provider to Get WiFi?
While you can have a WiFi network without an internet provider, you will not have a connection to the internet. Your WiFi router needs to be connected to the internet.
An internet connection is provided by your cable company, phone company or other internet service provider. Without a connection through your ISP, all you have is a connection to the other device on your home network.
How Can I Make My Whole House WiFi?
There are many contributing factors in ensuring your router’s WiFi signal covers all parts of your home. First of all, the more central your router is located, the better the coverage will be throughout your home.
You might also try another WiFi channel. WiFi routers use channels, just like your home or auto radio. Radio stations can bleed over onto another station. Interference similar to that can happen when your neighbor’s WiFi router is using the same channel your router is. Enter your router’s settings and change your router to a different channel, your coverage might improve.
Don’t buy a router based on price alone. While a cheap router may be tempting, low-priced models don’t have the broadcast strength that more expensive models usually have. They may not have enough antennas or a strong enough signal to cover your whole house.
How Can I Increase My WiFi Speed at Home?
The connection speeds of your WiFi network also depends on many factors. The location of your router in your home can affect its connection speeds. The farther away you are from your router, the more your device’s speeds will suffer.
Make sure there isn’t anything obstructing your router’s signal. Furniture, appliances, duct work and other electronic devices can block a WiFi signal. If your WiFi router is buried behind the television and the Xbox, they could be blocking the signal. While routers aren’t the most elegant things to have sitting out in the open, putting your router in a cabinet can slow your connection.
Many lower-price WiFi routers will not be able to handle a large number of WiFi connections. The more devices you have connected to your router, the slower everyone’s connection speeds will be. Just like any physical highway, the information highway can become crowded if everyone is trying to use the same lane.
How Can I Best Secure My Home WiFi Network?
First off, immediately encrypt your home WiFi network. Use WPA2 Personal or WPA3 Personal to secure your network. Make sure to use a secure and unique password for your WiFi hotspot. This keeps your network safe from hackers or drive-by users.
Also, make sure to change your router's default administrator password. If possible, change the admin username to something other than "admin" or "administrator." Most routers' admin login information is well-known and the information is widely available on the internet. Changing your admin password prevents bad guys from using the default password to connect to your router and make changes or monitor your network's activity.
You should also change your WiFi router's SSID (that's the name that shows up in the list of available WiFi networks). By changing your router's SSID, you're making it tougher for bad actors to exploit the weaknesses of your router. Most router manufacturers create default SSIDs by using their company name and then a group of random numbers. These default SSIDs are available on the internet in lists of manufacturers and their default router names. By changing the name of your router, you make it a bit tougher to determine the router's make and model. When you rename your router, have fun with it. In the past, I've seen routers named "TellMyWiFiILoveHer," "FBI Surveillance Van," "Guardians of the Gateway," and my personal favorite, "Obi-WAN Kenobi."
Can I Use MAC Address Filters?
While once upon a time I might have suggested locking down your network by using Media Access Control (MAC) address filtering to limit which devices can use your network, I no longer do so. More and more devices are using random MAC addresses, which are built into operating systems. It's now child's play for even a beginning hacker to spoof a MAC address to defeat router MAC address filters.
- 1) Change Your Router’s Administrator Login and Password
- 2) Play It Smart With Your Wi-Fi Password
- 3) Change the Network Name
- 4) Make Sure Your Network Uses the Strongest Wi-Fi Encryption
- 5) Hide Your Wi-Fi Network
- 6) Set Up a “Guest Network” on Your Router
- 7) Disable Plug ‘n Play
- 8) Turn Off Remote Management
- 9) Limit the Use of Wi-Fi Protected Setup (WPS)
- 10) Keep Your Router Firmware Updated
- 11) Enable Your Router’s Firewall
- 12) Check Your Network for Unauthorized Connections
- 13) Check Port 32764 to Find Out If It’s Open
- 14) Don’t Install Software From Untrusted Sources
- 15) Keep All of Your Devices Updated
- 16) Install Antivirus Software and Anti-Malware Apps on Your Devices
- 17) Use a VPN
- 18) Place Your Wi-Fi Router In the Middle of Your Home
- 19) Turn Your Home Into a Faraday Cage
- 20) Turn Off Your Wi-Fi Network When Away From Home
- 21) Set Up a Separate Wi-Fi Network for Internet of Things Devices
- Stay Safe, My Friends
- Wi-Fi Home Network FAQ
- Do You Have to Have an Internet Provider to Get WiFi?
- How Can I Make My Whole House WiFi?
- How Can I Increase My WiFi Speed at Home?
- How Can I Best Secure My Home WiFi Network?
- Can I Use MAC Address Filters?