How to lock down your home router and Wi‑Fi so criminals cannot walk in through the front door

Home internet is now the backbone of work, school and entertainment, yet most routers stay in the same weak configuration they had on the day they left the shop. For criminals, this makes home Wi‑Fi one of the easiest ways to break into people’s digital lives.

The good news is that a one time setup session can remove many of the simplest attack paths. You do not need to be an engineer, just willing to log in to your router and follow a clear checklist.

Start with physical control of the router

If someone can press the buttons on your router or plug in cables, they can bypass many protections. Keep the device in a place that is not easily accessible to visitors, especially in shared buildings or student housing.

Avoid leaving default information stickers in public view. Write the Wi‑Fi password into a notebook instead of taking photos that might sync to public cloud albums or be shown on a TV screen.

Change default admin passwords and usernames

Every router has an internal administration page, usually at an address like 192.168.0.1 or 192.168.1.1. The login details are often printed on a label or available in manuals, which means attackers know the defaults too.

Log in through a browser, find the “Administration” or “System” section and change both the username (if allowed) and password. Use a long passphrase that is different from your Wi‑Fi password, and store it in a password manager or written record kept at home.

Update the router firmware

Routers are small computers and their internal software, usually called firmware, must be updated to fix bugs and known vulnerabilities. Many older devices never received an update after installation.

In the admin interface, look for “Firmware,” “Software update” or “System update.” If there is an option to enable automatic updates, turn it on. If not, follow the vendor instructions to download and apply updates, then repeat this check every few months.

Use strong Wi‑Fi encryption and long keys

The type of protection your Wi‑Fi uses matters. If your router supports it, select WPA3. If not, use WPA2‑PSK (sometimes called WPA2‑Personal). Avoid WEP and WPA or mixed WPA/WPA2 modes, which are outdated.

Create a long passphrase, ideally 16 characters or more, using a mix of words and numbers that are not related to your name, address or phone number. Avoid short slogans or sports team names that are easy to guess.

Rename your Wi‑Fi network wisely

The visible name of your network, or SSID, should not reveal who you are or which device you use. Avoid including your family name, apartment number or the exact router model, because that helps attackers tailor attempts.

A neutral name, such as a random combination of words or numbers, is usually best. There is no strong protection benefit to hiding the SSID, and it can create connection issues, so most households can leave broadcast enabled.

Separate guest and smart devices from your main network

Many routers allow a separate guest network. Enable this and give it its own strong password. Visitors, smart speakers, televisions and other internet of things devices can connect there instead of to your main network.

This separation limits the damage if a guest device is infected or a cheap smart gadget has a flaw. Your laptops and phones, which hold more sensitive data, stay on the primary Wi‑Fi segment where only trusted devices connect.

Turn off risky extras you do not use

Routers often ship with advanced features enabled, such as remote management, universal plug and play (UPnP) and WPS push button pairing. These can simplify setup but also increase the attack surface.

Unless you have a specific need, turn off remote management, especially access from the wider internet. Disable WPS, which has a history of weaknesses, and consider turning off UPnP so devices cannot silently open ports without your knowledge.

Control who can connect by device and time

Some models support access control lists or parental control features that let you decide which devices can use the network. Once your regular phones, tablets and computers are connected, you can restrict new devices from joining without approval.

Time schedules can help families manage overnight internet use, but they also reduce exposure. For example, you could automatically cut Wi‑Fi for children’s devices after midnight while leaving work devices online.

Review connected devices and logs regularly

Make it a habit to open your router interface once a month and check the list of connected devices. If you see an unfamiliar phone, laptop or gadget, change the Wi‑Fi password and reconnect only the devices you recognise.

If the router offers simple logging, enable it and look for repeated failed logins or strange peaks in traffic. While the details may be technical, sudden changes can alert you to a problem such as a compromised device or unwanted guest usage.

Plan for replacement and end‑of‑life

Even well maintained routers do not last forever. Vendors eventually stop releasing fixes for old hardware, and new standards appear that improve resilience against attackers.

If your device is more than five to seven years old and no longer receives firmware updates, start planning for a replacement. When buying, look for clear vendor pledges on update periods and simple support pages that show recent firmware releases.

Make home Wi‑Fi hygiene a shared habit

Technical steps only go so far without good habits. Talk with family members or housemates about not sharing the Wi‑Fi password with people you do not fully trust, and about checking that visitors connect to the guest network.

Combine this with basic digital hygiene such as device updates and careful handling of suspicious links. Treated together, these habits turn your router from an ignored box in the corner into a reliable gatekeeper for your digital life.