Home Wi-Fi router settings you should change RIGHT NOW to protect yourself

Play this article

Wi-Fi routers, the little boxes with flashing lights that connect your home to the Internet. You might even be using one right now.

You might not know, however, that some aren't completely secure. Well, not if you just got it out of the packaging and plugged it in anyway.

If you really want to make sure you are ensuring the best cyber security for yourself and anyone else you might live with, then there are some settings you probably ought to change.

Accessing the settings

If you're probably thinking "I don't even know how to change my router settings", don't worry. Most routers have a web interface or app that allows you to alter the settings.

I would first check to see if there are any stickers on the router, as this might give you an IP address to type into your web browser and default admin password to change the settings.

If it doesn't, some common default IP addresses are as follows...

  • http://192.168.1.1

  • http://192.168.0.1

  • http://192.168.1.254

You can also use the following websites to find your router's IP address...

A common default username/password may be admin/admin, which brings me to the first setting.

Change the default admin password

Most routers come with a default admin password for logging into the router settings page (hopefully you've made it this far).

Some manufacturers use very weak combinations such as admin/admin or root/root and some are a bit better by printing a combination of letters and numbers or symbols, but these patterns can even be cracked now.

It is best to change your default admin password (and username if your router has one) to something more secure and that only you would know. Try using my secure password generator if you're stuck.

Change the default SSID and password

It is good to change the SSID, the name that is broadcast to anyone close to your home and password to something distinct, as opposed to the manufacturer of your router i.e. Virgin / Sky / BT etc...

Similarly, you might want to change the default password to something more secure, in case the manufacturer used a weak one or someone finds the sticker on the router.

Use the guest network feature if available

Some routers have a guest network or guest Wi-Fi feature that creates a secondary Wi-Fi network for your visitors to connect to.

This network has a separate Wi-Fi password (or sometimes none at all), so you don't need to give them your main Wi-Fi password. Very handy if you're having a party.

They are also often isolated, so any devices on the guest network cannot see the devices on your main network, including the router admin page.

Just be sure to disable it when your guests leave - you don't want people poaching off your Wi-Fi.

Turn off remote management

Some routers have a feature which allows you to manage your router settings from outside your home, via your public IP address or a URL.

While this sounds handy, most people don't even use it and it is quite insecure.

It allows a gateway to your home network via the Internet and your public IP could end up on a directory such as Shodan or the dark web.

Be wary of WPS and only use it temporarily

WPS stands for Wi-Fi Protected Setup and is a feature on most home routers that involves you pressing a button on your router (usually labelled "WPS") and it allows devices to connect without a password.

While this is a useful feature, it relies on an 8-digit PIN behind the scenes which can be brute-forced i.e. guessed.

Therefore, this feature should be turned off until needed and even then, only used temporarily.

Ensure firmware is up-to-date

Some router manufacturers apply firmware (device software) updates automatically without you having to do anything.

Others, however, don't do this and may have a setting that allows you to manually apply the latest updates to keep your router secure.

Out-of-date firmware can often contain unpatched vulnerabilities, so it's good to apply these updates as soon as they become available.

Use the latest encryption if you can

Most routers automatically use the highest level of encryption, but if you're ever given the choice, you should always go for the highest.

Unless however, you have a really old device that absolutely must be able to connect.

The latest version for home routers is WPA3 but WPA2 is still ok for most people.

Never use WEP as this is easily crackable.

Keep an eye on your port-forwarding rules

Port-forwarding is where you expose a certain port, or number of ports for a particular device to the Internet e.g. if you are hosting a game or web server.

If you decide to port-forward any devices through your router's firewall, ensure they are kept up-to-date and secure as much as possible.

Remove any port-forwarding rules as soon as they become irrelevant, as these are essentially holes into your home.

References