Javatpoint Logo
Javatpoint Logo

How to secure your home wireless network router

In your house, you most likely have a wifi router that allows everyone in the family to connect to the internet. People often ask for the password when they come by so that they show off vacation images stored in the cloud or may check things on their smartphones. Before long, many people can have the potential to connect to your router any time when they pass by your house, as they know about your wifi password. The signal from your router reaches into nearby apartments in an apartment building.

How to secure your home wireless network router

Wifi systems can reach beyond your home's limits, unlike physical networks. There may be a security risk if you have an open wireless network, as it allows anyone within range of your router to have access to your network. It is tough to keep track of who has access to your home network once the password is out in the open. As a result, you should think about making some changes and developing some routines in order to protect yourself against snoopers, intruders, and internet carpetbaggers.

There are two major security threats; you need to deal with them. The first is that it must be limited who has access to your network. The signal footprint is the second issue to address. If someone is able to pick up a signal from your network from outside your house, they can steal all of your passwords as well as data. To strengthen the security of your home wireless network, consider the following suggestions.


The methods below require access to the router settings, and if possible, we recommend configuring wireless security from a computer connected to the network with the help of a cable connection.

Note: We cannot provide exact methods for each router because they are all different. For detailed procedures, consult your router's documentation.

Close the network

It is an unsecured network if you have never been prompted for a key, passphrase, or password when connecting to it. To put it another way, if your network is close enough to your router, others can connect to it. Go to your router's configuration page and seek for a Wireless Security option to enable security. In the Wireless Security section, you can see an example of a Linksys router configuration.

Choose from WEP, WPA, or WPA2 as your wireless security method. Then, to produce the keys, input a passphrase. You will need the key for each wireless device that wants to connect to your network once you've activated security on your router.

Make a complicated router password

Everyone is afraid about forgetting their passwords; therefore, they always try to create simple passwords such as a series of numbers as 12345. Passwords that are difficult to remember, or the combinations of special symbols, numbers, alphabets, on the other hand, are ideal for system security.

You may need to share your Wi-Fi password with other family members, as well as relatives and close friends who come to see you on a regular basis. You have no control over them if they are sharing that password with others. Although each computer's operating system may search for a previously established password, few individuals are aware of this capability. It's more difficult to communicate with a sophisticated password, as well as also impossible to guess.

With the help of using a string of random characters to make it more difficult for people who attempt to guess your Wifi password and try to gain unauthorized access to your network connection. You may use the Comparitech password generator to help you create a strong password, and a Wi-Fi password should be between 12 and 20 characters long.

Change default password

Make sure your router's password is not the same as your computer's. Anyone may quickly guess the default password and get access to your router if you use it. Anyone who has access to your network configuration might modify the settings and read the security keys.

Limit access to the password

You should not feel compelled to disclose the password with everyone who enters your house; however, it may seem sensible to give your children, their friends, and your friends access to your wifi. A visiting salesman, for example, is a complete stranger, and regardless of how well dressed they are, you have no idea what their goals are, and you cannot trust them. A plumber, a landscaper, or a decorator who is on your property to provide a job does not have the authority to ask for your wifi password. You should be prepared to say "No" in these situations.

In order to get information for the jobs, commercial visitors should not be required to use your wifi router. If their business model needs them to keep data in the cloud, their employers should give them with a data plan or a USB modem.

Change the password frequently

When it comes to updating the router password, there is no hard and fast rule. You should, however, update the password on a frequent basis. Because you must log in regularly, remembering a new email or online banking password can be cumbersome. Changing a wifi password, on the other hand, is less of a hassle because most wifi routers only require you to log in once to gain infinite access.

You should change your router password on a monthly basis, even making it part of your monthly routine. After breakfast on the first of each month, change the wireless password. Change the password every week if you have a lot of people in and out of your house, such as during a renovation. Keep your password list up to date on a regular basis.

Many modern Wi-Fi routers also allow you to create a 'guest network,' which has its own SSID and password. This implies that visitors can use their devices in order to connect to the internet, and you will not have to give your main password.

If available use WPA, not WEP

In modern times, WEP, WPA, and WPA2 are just a few of the security systems available on routers. Because WPA or WPA2 security is more secure as compared to WEP, therefore, we recommend WPA or WPA2 security. For certain older devices, such as TiVo, game consoles, and other network devices, WEP may be the only security option. Even while WEP isn't the most secure option, it's preferable than having no security at all.

Change the router's admin credentials

Any device connected to the network can log into your router's console. On routers, the administrator account is frequently set up by utilizing the same username and password for all of the vendor's products. This is not the same as merely connecting to the network; it also gives you the option of customizing it. With a little information, anyone connected to the router may assume or Google its access details. You become vulnerable to a hacker or a high-achieving adolescent as a result of this.

How to secure your home wireless network router

They can have the potential to modify the admin password and lock you out if they gain access to the admin console. Reset those credentials before your daughter's smart-aleck buddy does it?. You will not be able to strengthen your wifi security unless you have accessed your router's administrator account.

The default username and password may be found on the help sections of the wifi manufacturer's website or listed in the router's instruction manual. It's possible that it will show up on the router's login screen. Try the username/password combinations user/user, system/admin, admin/admin, sys/admin, system/password, and admin/password if you cannot find the username and password elsewhere.

Once you've found the proper combination, look through the menu system for account information. Make the password for the admin account a 12-character long random string of letters and digits. Before you log out of the console, remember to write down your new password somewhere safe. You can use a password manager in order to keep track of your passwords, as most router consoles are accessed through a web browser.

Disable remote administration

Remote administration, remote administration allows anybody within range of your router to see and change its settings. We recommend removing remote administration if you never plan on remotely administering your network. This feature is frequently disabled in the Administration part of routers that support it.

Any computer that is physically connected to the router through a network connection can alter the router settings when the router is deactivated.

Change the network name

Router manufacturers, as indicated in the previous section, utilize the same settings for all of their products. A manufacturer's administration software is frequently installed on all of its router models. For hackers, this uniformity makes life simple.

Hackers can observe all of the nearby wifi networks with the help of using free network detecting software. Because the hacker does not need to break into your home to gain access to your network, he does not need to know which home the signal originates from. An SSID, or service set identifier, is assigned to each network.

The SSID is frequently used by router manufacturers to provide the router's brand name or model. The ISP might alter the SSID to reflect their own identity rather than the manufacturer's if you purchased a router from your internet service provider. The SSID will almost certainly reveal the router's brand and model if you purchased the router yourself.

With a little effort, a hacker can find the router's default username and password with the help of using the information in the SSID. Change the SSID to hide the router's manufacturer and model. Choose a unique identification that does not include your phone number, name, or address.

In the name, don't include any other personal information. As a result, "Homenet-12281975", "10BullLane," and "JBDecker Network" are all terrible ideas. In your SSID, avoid using foul language, making political statements, or presenting challenges to hackers. To make it taste dull, simply make it taste bland.

Hide the network

The SSID of your router does not have to be broadcast. Your home wifi becomes a secret network if you prevent your router from giving out its identity. Passersby will be unable to see the network; however, devices that already have connection data will be able to connect with it. A line that reads "Hidden network" will appear in the network list that others see in many cases. It is difficult to join a network if you do not know what the name of the network is.

Making it hard for unknown devices to connect to the network is a problem when you acquire a new device. You can, however, you can activate SSID broadcast temporarily to allow your new device to join the network. Make the network hidden once you have established a password-protected connection. Hide the network in order to make it easy to prevent visitors from connecting. They are less likely to ask for the password if your router does not appear in their list of accessible networks.

Change the default SSID name

The SSID is the name, which is used to identify the wireless router. Many routers use the router's name as the default SSID by default. The SSID of Linksys routers, for example, is 'Linksys.' There is a security risk if you use the default SSID, as t discloses the router's brand. It would let an attacker figure out how to take advantage of the device's vulnerabilities.


Avoid using your personally identifying information, such as your family's name or any others, when naming the router. For instance, any neighbor who knows you will be able to recognize your network if your SSID contains your family's last name.

Enable router firewall

A firewall is often included in routers and may be switched on or off. We also recommend using this function if it is available, as it offers an extra layer of protection to your network.

Turn off Remote Management

Only devices connected to the network should be able to access the router's console. A regular router setting, on the other hand, allows remote access. This means, over the internet, you can use the console from anywhere in the world. Unfortunately, anybody can do it if you can. As a result, remote access should be disabled.

Limit WPS

WPS (Wifi Protected Setup) is a simple method for a new device in order to connect to the router as well as recognize the network. One of two techniques is used by WPS.

Pressing the WPS button on the back of your router sends out a signal that connects the device to the network and provides it with login credentials, removing the need to enter in a text password.

An alternative way involves entering an eight-character numeric code into the device's network settings. In your home, WPS (Wifi Protected Setup) allows devices like game consoles and set-top boxes to stay connected to the network even if the password necessary to connect computers and phones changes.

The coding method used by WPS has a security vulnerability that is easy to exploit. Turn off the WPS code capability and rely on the WPS button if your router has one. Disable WPS entirely if you do not have the button, as the code option poses a major security risk to your network.

Disable SSID broadcast

Wireless routers broadcast your SSID to make locating your wireless network easier. This implies that anyone looking for a wireless router will be able to see your SSID. You can disable the SSID broadcast feature to make it more difficult for someone seeking for a wireless network to find your network. If you disable SSID broadcasting, you will have to manually enter your router's unique SSID every time you add a new device to your network.

Enable wireless MAC filter

If the MAC Address of a wireless device is shown in the filter list, it can connect to your network. MAC filtering makes adding new devices to your network more difficult, but it improves your wireless network's overall security.


Connect any wireless device you want on your network to your router before enabling the wireless MAC filter for a quick and straightforward setup. After each device has joined, go to the router settings and view the DHCP client table, which is usually found in the Status or Local Network section. Each device on your network can be copied to Notepad and inserted into the router's Security section's wireless MAC filter.

Turn off the router

You could turn off your router if you are not utilizing your wifi. You might wish to keep a large download going overnight on occasion. However, you will not be able to connect to the internet when sleeping the majority of the time. Turning off and unplugging all electronics at night is a smart idea. This is a great way to save the environment while also preventing appliance fires caused by sparks. Even when in standby mode, many electrical and electronic equipment consumes energy. Therefore, before you go to bed, unplug everything to save money on your electricity bill and to help save the environment with the help of lessening the strain on power plants.

You may also switch off the router when you go to work. If you have a big family, the last person to leave the house in the morning switches the router off, and the first person to return home in the evening turns it on.

The justification for this suggestion should be self-evident. The fewer hours your wifi system is up and running, the less likely it is to be hacked. It will also keep your snooping neighbours from utilizing your wifi for extended periods of time. This method will lower your monthly bill if your internet subscription is metered.

Allocate static addresses

You may find this stage difficult to complete as it is a little complex. As it has been stated, every device has an address on your wireless network. It is known as an IP address, and it must be unique. On your private network, your computer's IP address is the only one. As a result, the router has a public address that acts as your internet identity.

Your router employs the "dynamic host configuration protocol," or DHCP, to issue an IP address to each device on the network. Hackers may assign themselves a network address via DHCP, making them almost undetectable.

You can change the way addresses are assigned on your network with the help of changing one of the settings in your router's dashboard. Look at the Network Configuration page of the console in order to stop the router from utilizing DHCP. You will most likely find the option you are looking for under a drop-down menu titled address configuration or WAN connection type.

Your router's exact settings are determined on the basis of its model. You will notice, though, that the field is presently set to DHCP. This has to be converted to a static IP address. Make a list of all the computers and network-enabled gadgets in your home and write down their existing IP addresses before making the change. Return to each device after setting the router to use static IP addresses and assign it the address you took down for it. It is debatable whether adjusting address allocation is effective.

MAC address filtering

In the router's console, a menu item called "MAC filtering" or "MAC address filtering" will appear. This setting limits network access to just those devices that have been approved. Any device that can connect to a network is given a MAC address. This is unique all over the world, and it is the identification for the network card. As a result, no two devices have the same MAC address on the planet. The term "media access controller" is abbreviated as MAC. Six two-digit hexadecimal numbers are separated by colons in this code. As a result, it seems to be 00:17:5f:9a:28.

It is possible that you have heard that MAC address filtering can be avoided; therefore, it is a waste of time. Up to a point, this is correct. If you only want to keep your kids quiet about the password and prevent your neighbours from connecting to your network for free, MAC address filtering will suffice. This approach will not be particularly successful if you believe one of your neighbours is a hacker.

To find the MAC address on a mobile device, go to Network Settings. Type ipconfig /all in a command-line window on a computer. A list of the computer's characteristics, as well as the MAC address, will appear. Devices you want to connect to the network in your home, make a list of all the MAC addresses of that devices.

Pay attention to the directions on the page while setting up the filtering list because not all MAC filtering systems are created equal, and the layout changes depending on your router.

A MAC address filter can operate in one of two modes. Allow" and "deny," or "include" and "exclude" are the terms used. Your router's MAC filter is of the allow/include kind if these options are not available.

Select allow/include if those options are available. You should be able to type a list of addresses into a box on the screen. A carriage return usually suffices to separate the entries; however, each address may require a comma or a semicolon.

A hacker with a wireless packet sniffer can bypass MAC address filtering. The MAC address appears on every piece of data that enters or exits a device. MAC addresses are centrally regulated to ensure that each one is unique and are issued to network cards all over the globe, but hackers know how to alter them. Consequently, on the network, the hacker only needs to choose one of the active MAC addresses and alter his computer's MAC address to it. Due to the fact that such tools are not available on mobile devices, the hacker would have to be sitting with a laptop within range of your router to pick up the signal.

Youtube For Videos Join Our Youtube Channel: Join Now


Help Others, Please Share

facebook twitter pinterest

Learn Latest Tutorials


Trending Technologies

B.Tech / MCA