If you set up your router and started using it without any configuration, chances are that it's not very secure. You could have unwanted devices connected, or a gaping hole in your security coverage, without even knowing.

To cut down on the chance of network security issues, from neighbors stealing your bandwidth to an attacker breaking into your network, you should follow these easy steps to lock down your wireless network security.

1. Always Access Your Router's Admin Panel With Ethernet

Logging into your router's administration panel is as simple as opening your web browser, typing in its IP address (or sometimes a URL), and entering the router's admin username and password.

This is fine, unless you're doing so on a wireless connection.

When logging into the admin panel over a wireless connection, those login credentials are sent over the air, which offers potential for interception. Your connection to your router's management page isn't encrypted, so a rogue device on your network that's spying on traffic could see your password if you log in wirelessly. There's also the potential for man-in-the-middle attacks.

If you only ever log in while connected by Ethernet, you can eliminate this risk.

ethernet cable connected to router

In fact, if possible, you should disable remote access completely to require a wired connection in order to tweak anything. This way, even if a hacker manages to connect to your network wirelessly, they won't be able to change anything and you thus won't be subject to a hijacking.

Some routers also allow you to manage them through a website provided by the manufacturer. It's a good idea to disable this remote access for the same reason. Turning these options off means that only a trusted device in your home, connected with a cable, can make changes to your network.

2. Change the Default Router Login Credentials

Every router comes with a default username and password combination for the administration panel. This is how you log in when performing the initial setup of the router. Note that this password is different than the one you use to connect devices to your network.

You absolutely must change the default router password as soon as possible.

TP-Link Router Change Admin Password

Did you know that there are websites where you can search for the default admin credentials by router model? RouterPasswords.com is one of the best-known. This means that if an attacker knows what kind of router you have, and you haven't changed the admin credentials, they can break in with zero effort.

Even if someone don't know what kind of router you have, they can often brute-force an attack by running through all known admin username/password combinations. This problem is made worse by the fact that most routers use an insecure combination by default, such as "admin" for the username and "password" for the password.

As a result, changing these should be the first tweak you make with a new router. On some models, you can't change the username. But changing the password, at least, will prevent anyone who manages to connect to your network from trying common combinations to break in.

3. Change the Default SSID

Another setting you should change right away is your router's SSID (the public name that shows up when you're looking at available Wi-Fi networks around you).

Many routers come with default SSIDs that can give away their brand and/or model. For example, some Linksys routers have default SSIDs that look like Linksys-XYZ123. This is similar for models from Cisco, Belkin, Netgear, TP-Link, and others. Lots of these router models come with default SSIDs that give away their details.

Change Network Name TP-Link

If a potential hacker knows what kind of router you have, it becomes a little easier for them to break in. They can use that information to research vulnerabilities with your specific model, for instance. We recommend changing your SSID right away, and when you do, you might even consider picking a funny Wi-Fi network name.

4. Use Modern Encryption Standards

Encryption is a must-use feature on your router. Neglecting to use encryption is like leaving all your doors and windows open all of the time: everything you say and do is freely viewable for anyone who cares enough to look or listen.

You should review your Wi-Fi encryption settings to make sure that you aren't using an outdated protocol. The newest Wi-Fi standard at the time of writing is WPA3, though not all routers have this. WPA2 is still fine, but the original WPA is outdated. If this is your only option, you should replace your router.

Read more: Wi-Fi Security Types Explained

WPA protection comes in both Personal (also listed as PSK, which stands for "personal security key") and Enterprise. The latter is for use in corporate settings, so you should use Personal at home.

You should never use WEP encryption because it's weak and easily cracked. If you can only use WEP on your router, buy a replacement soon.

router encryption options

In addition to using WPA3 or WPA2, make sure you're using AES encryption instead of TKIP. TKIP is better than nothing, but AES is more recent and secure so you should always use that if available. Note that AES + TKIP encryption is effectively as bad as TKIP only, so stick to AES.

Lastly, change your WPA2/WPA key (which is the password used to connect to your wireless network). Make sure you choose a strong password that isn't too short or easily guessed. Aim for a minimum of 12 characters with a healthy mix of lowercase, uppercase, numbers, and special characters (like @, !, %, $, and others).

However, because you'll need to type your Wi-Fi password occasionally to connect new devices, you might want to avoid making it extremely complex.

5. Enable the Router Firewall

A firewall examines incoming network data and blocks anything that's deemed unsafe. Most routers have some kind of built-in firewall feature, often called SPI Firewall. This compares parts of all incoming network data against a database and only allows traffic in that passes the test.

TP-Link Firewall Router

On most routers this will be enabled by default, but you should still check to make sure it's on. Note that this may interfere with certain online games. If it does, you can get around it by using port forwarding.

Also note that a router firewall isn't enough on its own. Sometimes malicious data can get through undetected, which is why it's wise to also install a software firewall on your device as a second layer of defense.

6. Disable WPS and UPnP Features

WPS, or Wi-Fi Protected Setup, makes it easy to add new devices to a network. Using the button method, all you have to do is initiate a WPS connection from your device, then press the WPS button on your router to establish a connection.

However, WPS also has a method that lets you use a PIN to connect devices. On some routers, this PIN is unchangeable. And as it turns out, it's relatively easy to crack the WPS PIN because it's stored as two separate sets of four numbers. Someone could brute-force these numbers and then use the WPS PIN as they please, if you aren't able to change it.

Because of this, it's smart to disable WPS. You'll lose a tiny bit of convenience, but it's worth the increased security.

WPS PIN Router

UPnP, or Universal Plug and Play, allows all devices on your network to communicate with each other for whatever purposes they need. While convenient, unfortunately, UPnP is exploitable, and so you should disable it for security reasons.

The major downside to disabling UPnP concerns online gaming. Having UPnP on allows your console to access whatever ports it needs for various games. With UPnP off, you may find that some games don't work properly; you may also have issues with voice chat or playing with a particular user.

As mentioned above, forwarding ports manually is a good solution to this problem.

7. Keep the Router Firmware Updated

One of the most common pieces of security advice is to keep everything updated, which applies to routers too. Since your router is the device that handles all the incoming and outgoing network traffic, you should keep it secured by running the latest patches.

Outdated router firmware is bad for two reasons:

  1. It may have unpatched security holes that attackers can exploit.
  2. Newer firmware can introduce extra features or improvements that can impact overall security.

Therefore, it's in your best interest to keep firmware updated.

Every few months, you should check your router manufacturer's website for firmware updates to your model. Some routers even let you check for updates right in the administration panel. When there's an update available, download and apply it in your router settings.

TP-Link Router Update

Fortunately, you shouldn't have to do this often because router firmware updates tend to be infrequent. And speaking of which, if your router is so old that it doesn't get updates anymore, it's probably time to replace it.

Keeping Your Home Router Secure

These tweaks only take a few minutes to make, and won't impact the usability of your network in most cases. Protecting your network from intruders is important, and you'll be much better off with these tweaks applied.

Now that your home network is strongly secured, next you can tackle slow Wi-Fi issues if you have those, too.