Your home Wi-Fi router is probably the most security-critical device in your home, and it is almost certainly the one you have paid the least security attention to since the day it was installed. This is not unusual — most people configure their home network once, connect their devices, and never think about it again. But routers are a prime target for attackers specifically because of this neglect, and a compromised router gives an attacker visibility into every device and every communication on your entire home network.
The good news is that securing your home router properly takes about 10 minutes, requires no technical expertise, and makes a dramatic difference to your network security.
Step 1: Access your router admin panel
Every router has an administration interface accessible through your web browser. On most home routers, you access it by typing 192.168.1.1 or 192.168.0.1 into your browser address bar. If neither of these works, look at the sticker on the underside or back of your router — it will usually show the admin address, default username, and default password.
You will be presented with a login screen. Enter the default credentials shown on the router sticker. If you have never changed these, they are almost certainly still the factory defaults.
Step 2: Change the router admin password
The factory default admin credentials for most routers are publicly documented online. Anyone who searches for your router model can find the default username and password within seconds. This means anyone who can connect to your network — including a neighbour who knows your Wi-Fi password, or an attacker who has found another way in — can access your router admin panel and change any setting they like.
Find the administration or system password section (usually under Administration, System, or Management in the router menu) and change the password to something long and unique. Store it in your password manager. You will rarely need it, but it is critical that only you have it.
Step 3: Check and update your encryption standard
In your router’s wireless settings, look for the security mode or encryption type setting. You should be using WPA3 if your router supports it, or WPA2 (also labelled WPA2-Personal or WPA2-AES) if WPA3 is not available.
If your router is still set to WEP, WPA (the original version without the number 2), or TKIP encryption, change it immediately. These older standards have well-documented vulnerabilities that can be exploited with freely available software in minutes. WPA3 has been supported by new routers since 2018. WPA2 with AES encryption is secure for most home use cases.
While you are in the wireless settings, ensure your Wi-Fi password is at least 12 characters long and not a dictionary word or phrase that could be guessed. A randomly generated password, created by and stored in your password manager, is ideal.
Step 4: Update your router firmware
Router firmware is the software that runs the device, and manufacturers regularly release updates that patch security vulnerabilities. Unlike phone or computer operating system updates, router firmware updates often do not happen automatically — you need to check manually.
In your router admin panel, look for a Firmware Update section (sometimes under Administration, Maintenance, or Advanced). Check for available updates and install them. If your router supports automatic firmware updates, enable this option. If it does not, set a reminder to check for updates every three to six months.
Routers that are more than four or five years old may no longer receive firmware updates from their manufacturer at all. If this is the case for your router, it is worth considering a replacement — an unsupported router with unpatched vulnerabilities is a long-term security liability.
Step 5: Set up a guest network
Most modern routers support the creation of a secondary guest Wi-Fi network. This is one of the most underused but valuable home network security features available. The principle is simple: your main network is for your computers, phones, and tablets — the devices you use for banking, email, and sensitive activities. Your guest network is for everything else.
Connect all your smart home devices — your smart TV, your voice assistant, your smart thermostat, your security cameras, your Wi-Fi connected appliances — to the guest network instead of your main network. These devices often have weaker security than your primary computing devices, may receive infrequent software updates, and have had documented vulnerabilities. By isolating them on a separate network, you ensure that even if one of them is compromised, the attacker cannot use it to access your computers, phones, or the sensitive data on them.
Give the guest network a different password from your main network. When visitors ask for your Wi-Fi, give them the guest network credentials rather than your main network password.
Step 6: Review connected devices regularly
Your router admin panel shows a list of all devices currently connected to your network. Review this list every few months. Every device on the list should be something you recognise — your phone, your laptop, your family members’ devices, your smart TV, and so on. If you see a device you cannot identify, investigate it. An unrecognised device on your network could be a neighbour using your Wi-Fi, or in a more serious scenario, evidence of a network intrusion.
If you find an unrecognised device, change your Wi-Fi password. This disconnects all devices from the network and requires them to reconnect with the new password. Devices you do not reconnect can no longer access your network.
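The review in Step 6 can also be run from a computer on the network. The script below is an added example, not part of the original guide: it assumes a Linux machine, a constructed sample of `ip neigh show` output, and a hypothetical inventory of known MAC addresses. It also marks randomized (locally administered) MAC addresses, which phones commonly use and which can make your own device look unfamiliar.

```python
import re

# Constructed sample of `ip neigh show` output from a Linux machine on the LAN.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev wlan0 lladdr A4:5E:60:12:34:56 STALE
192.168.1.42 dev wlan0 lladdr 3c:22:fb:aa:bb:cc REACHABLE
192.168.1.57 dev wlan0 lladdr da:a1:19:0b:7e:21 DELAY
192.168.1.99 dev wlan0  FAILED
"""

# Hypothetical inventory: MAC address -> label you recognise.
KNOWN_DEVICES = {
    "00:11:22:33:44:55": "router",
    "a4:5e:60:12:34:56": "laptop",
}

# Only entries that resolved to a hardware address carry "lladdr <mac>".
LINE_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9A-Fa-f:]{17})\b")

def is_randomized(mac):
    """True if the locally administered bit (0x02 of the first octet) is set."""
    return bool(int(mac[:2], 16) & 0x02)

def parse_neighbors(text):
    """Yield (ip, mac) pairs, skipping FAILED/INCOMPLETE entries with no MAC."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(3).lower()

def find_unrecognised(text, known):
    """Return the devices whose MAC address is not in the known inventory."""
    known = {mac.lower() for mac in known}
    report = []
    for ip, mac in parse_neighbors(text):
        if mac not in known:
            report.append({"ip": ip, "mac": mac, "randomized": is_randomized(mac)})
    return report

if __name__ == "__main__":
    for entry in find_unrecognised(SAMPLE_NEIGH, KNOWN_DEVICES):
        note = ("randomized MAC, may be a phone you own"
                if entry["randomized"] else "fixed hardware MAC")
        print(f'{entry["ip"]:15} {entry["mac"]}  {note}')
```

The neighbour table only lists devices this computer has recently exchanged traffic with, so the router's own connected-devices list remains the more complete source.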
Step 7: Disable remote management
Many routers have a remote management feature that allows the admin panel to be accessed from outside your home network — from anywhere on the internet. For most home users, this feature is unnecessary and represents an attack surface. Disable it in your router’s administration settings.
While you are checking these settings, also disable WPS (Wi-Fi Protected Setup) if it is enabled. WPS is a feature designed to make connecting devices easier, but it has a documented vulnerability that allows attackers to brute-force the WPS PIN within hours. Turn it off.