This article was originally written and posted on Wired by David Nield on January 4, 2020.
Your router is perhaps the most important gadget in your home. It checks all incoming and outgoing traffic, acting as a sentry to make sure that nothing dangerous comes in and nothing sensitive goes out. It controls access to your home Wi-Fi network and through that all of your phones, tablets, laptops, and more. If someone else gains access to that network—whether a remote hacker or your next-door neighbor—it can be quick work to compromise those devices.
With that in mind, it's essential to keep your router secure. The good news is these steps aren't too difficult or time-consuming, and they'll significantly reduce your risk.
These tips will require you to access your router's settings, which you can typically do through your web browser by typing in an IP address, or if you're lucky, through an app on your phone. If you're not sure how to find these settings, check the documentation that came with the router, or run a quick web search using your router's make and model.
Change the Passwords
You should be using WPA2 security to guard access to your router, which essentially requires every new device to submit a password to connect. This is enabled by default on just about every router, but if it's not active on your device, switch it on through your router settings.
It's a good idea to change the Wi-Fi password on a regular basis. Yes, it means you'll need to reconnect all your devices again, but it also kicks off any unwelcome visitors who might be lurking. Your router settings panel should give you a list of connected devices, though it might be tricky to interpret.
We'd also recommend changing the password required to access the router settings themselves, as many people just leave the defaults in place—and that means someone who knows the defaults or who can guess them could reconfigure your router. As with any password, make it very hard to guess but impossible to forget.
These password settings should be fairly prominently displayed inside the router settings panel, and if you router is a more recent model, you might well get warnings if the new passwords you pick are too easy to guess or brute force. Before long, WPA2 will give way to WPA3, which offers more set it and forget it security, but until then, pay close attention to your Wi-Fi password hygiene.
Keep the Firmware Up to Date
Your router runs low-level software called firmware which essentially controls everything the router does. It sets the security standards for your network, defines the rules about which devices can connect, and so on.
Some more modern routers update themselves in the background, but whatever model you have, it's always worth making sure the firmware is up to date. This means you've got the latest bug fixes and security patches, and are protected against whatever exploits have just been discovered.
The process varies from router to router, but as with the password settings, the option to update your router's firmware shouldn't be too difficult to find within the router control panel. If you get stuck, check the router documentation or the official support site on the web.
If you're lucky, the process will be automatic; you might even get alerts on your phone every time a firmware update gets applied, which usually happens overnight. If you're unlucky, you might have to download new firmware from the manufacturer's site and point your router towards it. If so, it's absolutely worth the extra effort.
Disable Remote Access, UPnP, and WPS
A lot of routers come with features designed to make remote access from outside your home easier, but unless you need admin-level access to your router from somewhere else, you can usually safely turn these features off from the router settings panel. Besides, most remote access apps work fine without them.
Another feature to look out for is Universal Plug and Play. Designed to make it easier for devices like games consoles and smart TVs to access the web without making you wade through a lot of configuration screens, UPnP can also be used by malware programs to get high-level access to your router's security settings.
Keeping remote access and UPnP turned on won't suddenly expose you to the worst of the internet, but if you want to be as safe as possible, turn them off. If it turns out that some of the apps and devices on your network rely on them, you can enable the features again without too much worry.
You should also think about disabling Wi-Fi Protected Setup. WPS has good intentions, letting you connect new devices with a button push or a PIN code, but that also makes it easier for unauthorized devices to gain access; a numerical PIN is easier to brute force than an alphanumerical password. Unless you specifically need it, disable it.
Use a Guest Network, If Available
If your router has the option of broadcasting a so-called guest network, take advantage of it. As the name suggests, it means you can grant your guests access to a Wi-Fi connection, without letting them get at the rest of your network—your Sonos speakers, the shared folders on your laptop, your printers, and so on.
It's not like your friends and family are hackers in disguise, but letting them on your primary network means they might access a file that you'd rather they didn't, or inadvertently change a setting somewhere that causes you problems. It also puts another speed bump in the way of someone who is secretly trying to get access to your network without your permission—even if they're able to get on the guest network, they won't be able to take control of your other devices, or your router.
Your router should have the option to hide the SSID of your main network—basically the name of the network that appears when your devices scan for Wi-Fi. If visitors can't see this network then they can't connect to it, but you'll be able to add devices to it because you'll know what it's called. (And if you're not sure, it'll be listed in your router settings.)
Keep Security in Mind
Despite decades of relative neglect, most routers launched in the last couple of years come with excellent security built in. Manufacturers appreciate the importance of router security and reliability more than ever, so the products are much more user-friendly than they used to be. They now handle lot of the key security settings for you.
With that in mind, one of the highest risks to your router is that it's compromised by a device that it thinks it can trust—in other words, something on your phone or laptop gets access to it and causes some mischief, perhaps by secretly opening an entry point to your router that can be accessed remotely.
To minimize this risk, practice good security principles at home: Keep all your devices up to date with the latest software, be picky about which apps, programs, and browser extensions you install, and protect your devices with long, difficult-to-guess passwords that are all different from each other. Better yet, get a password manager. Make sure your devices are protected by appropriate security software, wherever possible.
You've probably got a lot of devices connected to your router, from phones to smart speakers, and you need to keep all of them locked down and protected—as soon as you connect them to Wi-Fi, they're also connected to your router. If any device doesn't need Wi-Fi access, then disable it. You'll be glad you did.