Device & Home Network Security

How to Secure Your Home Wi-Fi Router in an Afternoon

Your home router is the quietest device you own and the most important one to secure. Every laptop, phone, smart speaker, doorbell camera, and game console in your home reaches the internet through it, so whoever controls the router sits between you and everything you do online. Yet most routers run for years on the exact settings they shipped with — including a default password anyone can look up in thirty seconds.

The takeaway up front: you do not need to be technical to lock this down, and you do not need to do it all at once. Seven settings matter, and two of them — the admin password and the Wi-Fi password — do most of the work. Change those two today and you have shut the door on the most common problems. The rest explains each setting and why it matters, so you can finish in an afternoon and not think about it again for a long time.

First, get into your router's settings

Everything below happens in your router's admin page — a settings screen on the router itself, not a website. There are two common ways in. The app: most routers sold in the last few years (eero, Google Nest Wifi, TP-Link Deco, Netgear Orbi, and similar mesh systems) are managed through a phone app, so if you set yours up that way, open it. The browser: on a connected device, type the router's address into the address bar — almost always 192.168.1.1, 192.168.0.1, or 10.0.0.1. If none work, check the sticker on the bottom of the router. You will be asked for an admin password, which brings us to the first and most important setting.

1. Change the admin password (the one that protects the settings)

This is the single most important change, and the one people miss most, because it is easy to confuse with the Wi-Fi password. They are two different things: the Wi-Fi password is what you type to join the network, while the admin password unlocks the router's settings — the controls for everything in this guide.

Routers ship with default admin logins like admin / admin or admin / password, published in manuals and searchable online for every model. If yours is still the default and the settings are reachable, changing it is the highest-value thing you will do all afternoon. Pick a long, unique password and store it in a password manager. If you have never set one up, our guide to passwords and accounts covers choosing a manager and building passwords that are easy to keep and hard to guess.

2. Use WPA3 (or at minimum WPA2) encryption

Encryption scrambles the traffic between your devices and the router so a neighbor or a parked car cannot read it out of the air. In your wireless or security settings, find the "security mode" or "encryption" option and prefer them in this order:

  1. WPA3 — the current standard, strongest against password-guessing. Choose it if offered.
  2. WPA2 (AES) — the previous standard, still solid and widely supported. Fine if WPA3 is not available.
  3. WPA/WPA2 mixed — only as a fallback for a genuinely old device that needs it.

Avoid anything labeled WEP or plain WPA (TKIP). WEP is decades old and can be broken in minutes; if that is all your router offers, the hardware is too old to trust. Stronger encryption makes cracking your Wi-Fi password dramatically harder, and you set it once.

3. Turn on automatic firmware updates

Firmware is the router's own internal software, and like any software it gets security fixes over time. But routers do not nag you the way your phone does, so an un-updated one can sit for years with known holes that everyone else has long since patched. Look for a "firmware," "router update," or "system" section. If there is an automatic updates toggle, turn it on so fixes arrive without you remembering; if yours only updates manually, do it now and set a reminder to check a couple of times a year. App-managed routers usually handle this in the background.

4. Set up a guest network for visitors and smart devices

A guest network is a separate Wi-Fi name that gives internet access without letting whoever joins reach the rest of your devices. Almost every modern router can create one, and it solves two everyday problems. First, visitors: hand out the guest password instead of your main one, so it never ends up saved on a stranger's phone. Second, and increasingly the bigger reason, smart-home gadgets. Cheap cameras, plugs, and bulbs are the least-maintained devices in any home and the likeliest to have weak security. Put them on the guest network and, if one is ever compromised, it cannot reach your laptop, backups, or phone. Give it its own strong password and, where offered, enable "client isolation" so guest devices cannot see each other either.

5. Switch off remote management

Remote management (also called "remote administration" or "web access from WAN") lets you log into your router's settings from outside your home over the internet. Almost nobody uses it, and when left on it exposes the admin login to the entire internet instead of just to people inside your house. Unless you have a specific, current reason to manage your router from afar, turn it off — then an attacker has to already be on your network to even reach the settings page. The toggle lives in an "administration," "remote," or "advanced" section.

6. Disable WPS

WPS (Wi-Fi Protected Setup) lets you connect a device by pressing a button or typing an eight-digit PIN instead of the full Wi-Fi password. The button is reasonably safe, but the PIN method has a long-standing weakness: those eight digits can be guessed by an automated attack far faster than a real password, and many routers will not let you disable the PIN without disabling WPS entirely. So disable WPS altogether — typing your Wi-Fi password the few times a year you add a device is a tiny cost, and it removes a shortcut that works for attackers too. Look for "WPS" in the wireless settings and switch it off.

7. Rename your network (and skip the hidden-network trick)

Routers often ship with a network name (SSID) that reveals the make or model — NETGEAR47, TP-Link_2.4G. That is a free hint to anyone nearby about exactly what hardware they face and which known weaknesses to try. Rename it to something that does not identify the brand, model, or you personally. And because the name is public by design, never put anything sensitive in it.

One myth worth retiring: hiding your network (disabling SSID broadcast) is not real security. The name stays trivially visible to basic tools and just makes connecting your own devices more annoying. Skip it — the strong Wi-Fi password from step two is what keeps people out, not secrecy about the name.

FAQ

How often should I change my Wi-Fi password?

Not on a schedule, despite the old advice. A long, unique password set with WPA2 or WPA3 does not "wear out." Change it when there is a reason — someone who knew it moved out, you handed it around at a party, or you suspect a device was compromised. A strong password you keep beats a mediocre one you rotate constantly.

Do I need to buy a new router to be secure?

Usually not. Most routers from the last several years support WPA3 or WPA2 and receive firmware updates, which covers the essentials. Replace it only if it offers nothing better than WEP, no longer gets firmware updates, or is so old the maker has stopped supporting it — then the hardware itself is the weak link.

My internet provider gave me the router — can I still change these settings?

In most cases, yes. Provider-supplied routers have the same admin page or app, and these settings are typically all available. If your provider locks some options, ask them to enable a feature or put your own router behind theirs. At minimum you can almost always change the admin and Wi-Fi passwords — the two that matter most.

Lock the front door

Your router protects everything else, so it deserves five minutes today. Open its settings — through the app or by typing 192.168.1.1 into a browser — and change the admin password and the Wi-Fi password first. Those two changes alone move you out of the easy-target category. Then, when you have an afternoon, walk down the rest of the list and finish the job for good.

Comments are disabled for this article.