In this ultimate guide you will find our tips on how to make your Wi-Fi router and wireless network as secure as possible in 2020. Be noted, that all steps are extremely important. Missing at least one piece of advice can make your data vulnerable despite you followed all other steps!
The Most Important Priority Measures to Protect Your Wireless Router
The most important thing for the security of your wireless world! If you have WPS (or QSS) activated, every school boy sitting in the range of your AP’s signal will be able to hack your wireless network.
Don’t forget: to be on the safe side you should disable WPS for each network on your router – 2.4 GHz and 5 GHz.
Use WPA2 or WPA3 Security Mode
Select WPA2-PSK (or WPA3-PSK if available) as your Wi-Fi network security mode. It goes without saying that WPA3 is more secure than WPA2. You can use either of them but do not use WPA. Then, select AES as your encryption (or cipher) type. Do not use TKIP or TKIP+AES options.
Never use Open network mode for your Wi-Fi. Everyone around will be able not only to connect but intercept your traffic and ultimately:
- see and download your personal data (like photos, videos, documents) from laptops, desktops and NAS-devices on your home network;
- steal your facebook/twitter/instagram account;
- get access to your Internet banking and even credit/debit cards credentials;
- send spam or abuse people on the Internet from your IP-address.
Do not use WEP security either because it is deprecated and extremely vulnerable!
Set up a Strong Wireless Security Key (a.k.a. Wi-Fi password)
If you have an easy-to-guess password, everybody in the range of your wireless network’s signal will have an opportunity to guess it or try to hack.
Never use such commonly known thing like your birthday, mobile phone number or your pet’s name as a wireless security key. Your neighbors will hack such “protection” the next day after you set it.
Create something like this to use as your security key:
Change the Factory Default Password of the Router
Change the default user name if possible. On some routers you can also change the default user name as well. Do it if possible. Everybody knows that in most cases the default user name is admin and the only thing you need to get access to router settings is password. If you change the user name to some non-standard word the hacker will have to guess it as well and probably will fail to hack your router. It will make your router much more secure.
You shouldn’t have the remote managements activated unless you are really using it every day and you know how to do it safely. Otherwise, go and disable it. If you own a TP-Link router, go to Security > Remote Management and make sure you have 0.0.0.0 in the Address field. It means that the remote access is forbidden from any external IP.
On devices produced by other vendors you may have simpler control, for instance the flag “Enable remote management”.
UPnP usage is unwanted despite the fact that it is activated by default and almost nobody turns it off on their routers. If at least one device at your home gets infected with malware, UPnP will help trojans connect to malicious servers from the inside of your network and download other malware, adware and who knows what else. That’s why we strongly recommend you to disable it in your router’s settings:
Additional Measures to Protect Your Router
These are optional measures to improve your wireless security. You may use them if only you are an advanced user and they suit your case.
Decrease the Wireless Transmitter’s Power
In many cases people don’t need their wireless router’s Wi-Fi transmitter to work at the maximum power. Of course, you may have a large house and may need to set up an additional access point to extend the range of your Wi-Fi network to cover all territory. But if your router is enough for your small apartment, try decreasing its transmit power in such a way that it reaches only those places where you really need to use your wireless network. The idea is simple – make your wireless network inaccessible outside of your apartments. If your set the transmit power to Low in the router settings the potential hackers won’t be able to connect to your hotspot from the outside due to the weak signal.
Change IP Address Range to Non-Default and Disable DHCP Server
First, you can switch to 192.168. 201.0 subnet rather than continue using default 192.168.0.0 or 192.168.1.0 subnets.
Secondly, you can assign static IP addresses for all devices on the network manually. This will make the process of obtaining the correct IP address much more difficult.
If you find this guide helpful, please, share it with your friends. We’d also appreciate if you give us your feedback in the comments below. Thank you!