How to Secure Your Home Network

Step 1: Change default router credentials

The router's admin panel uses a default username and password (often 'admin/admin' or 'admin/password'). These are publicly documented. Change both immediately after setup. Use a unique password of 12+ characters. Store it in a password manager — not on a sticky note near the router.

Step 2: Update router firmware

Router firmware updates patch security vulnerabilities, including exploits that allow remote takeover. Log into the admin panel and check for firmware updates under Administration or System. Enable automatic firmware updates if your router supports it. Consumer routers regularly receive patches — check at least quarterly on routers without auto-update.

Step 3: Set strong Wi-Fi encryption

Go to Wireless settings and set security to WPA3 if all your devices support it, otherwise WPA2-AES. Disable WEP, TKIP, and 'Mixed mode' — they are insecure. Set a Wi-Fi password of 16+ characters. Separate your 2.4 GHz and 5 GHz networks with different SSIDs.

Step 4: Disable remote management

Remote management allows access to your router's admin panel from outside your home network. Unless you specifically need this feature, disable it in Administration or Remote Management settings. An exposed admin panel is a direct attack surface for brute-force attacks from the internet.

Step 5: Isolate IoT devices on a guest network

Smart TVs, cameras, bulbs, and other IoT devices have notoriously poor security track records. Put them on a separate guest network with client isolation enabled. This prevents a compromised IoT device from reaching your computers, NAS, or other sensitive devices on the main network.

Step 6: Change DNS and enable DNS-over-HTTPS

Switch from your ISP's DNS to Cloudflare (1.1.1.1) or Quad9 (9.9.9.9). Quad9 specifically blocks known malicious domains at the DNS level — a free, effective first line of defence against malware and phishing. Enable DNS-over-HTTPS in your router or browser to encrypt DNS queries.

Step 7: Disable UPnP

UPnP (Universal Plug and Play) allows devices on your network to automatically open ports in your router's firewall. While convenient, it has been exploited to expose services to the internet without user knowledge. Disable UPnP in your router's firewall or advanced settings unless a specific application requires it.

Frequently Asked Questions

How do I know if my router has been hacked?

Signs include: unknown devices in the client list, DNS settings changed to unfamiliar IPs, router admin password no longer working, and significantly slower speeds. Check your router's connection log for unusual outbound connections. Reset to factory defaults and reconfigure from scratch if you suspect compromise.

Is WPS safe to use?

WPS (Wi-Fi Protected Setup) has known vulnerabilities, particularly the PIN-based method, which can be brute-forced in under 11,000 attempts. Disable WPS in your router's wireless settings unless you specifically need it for a device that does not support entering a Wi-Fi password.

How often should I change my Wi-Fi password?

Change it when: you end a relationship with someone who had access, after a security incident, or if you have shared it widely. Routine changes every 6–12 months are good practice. Frequent changes are less important than password strength and restricting who knows it.