How to Secure Your Wireless Router in 2020

Select WPA2-PSK (or WPA2/WPA3-Personal if available) as your Wi-Fi network security mode. It goes without saying that WPA3 is more secure than WPA2.

You can use either of them but do not use WPA.

Then, select AES as your encryption (or cipher) type. Do not use neither TKIP nor TKIP+AES options. 

Never use Open network mode for your Wi-Fi. Everyone around will be able not only to connect but intercept your traffic and ultimately:

• see and download your personal data (like photos, videos, documents) from laptops, desktops and NAS-devices on your home network;
• steal your facebook/twitter/instagram account;
• get access to your Internet banking and even credit/debit cards credentials;
• send spam or abuse people on the Internet from your IP-address.

Do not use WEP security either because it is deprecated and extremely vulnerable!

Set up a Strong Wireless Security Key (a.k.a. Wi-Fi password)

If you have an easy-to-guess password, everybody in the range of your wireless network’s signal will have an opportunity to guess it or try to hack.

Never use such commonly known thing like your birthday, mobile phone number or your pet’s name as a wireless security key. Your neighbors will hack such “protection” the next day after you set it.

Create something like this to use as your security key:

fh#08GaM80

Change the Factory Default Password of the Router

Change the default user name if possible. On some routers you can also change the default user name as well. Do it if possible. Everybody knows that in most cases the default user name is admin and the only thing you need to get access to router settings is password.

If you change the user name to some non-standard word the hacker will have to guess it as well and probably will fail to hack your router. It will make your router much more secure.

Disable Remote Management of Your TP-Link Router

You shouldn’t have the remote managements activated unless you are really using it every day and you know how to do it safely. Otherwise, go and disable it.

If you own a TP-Link router, go to Security > Remote Management and make sure you have 0.0.0.0 in the Address field. It means that the remote access is forbidden from any external IP.

On devices produced by other vendors you may have simpler control, for instance the flag “Enable remote management”.

Disable UPnP

UPnP usage is unwanted despite the fact that it is activated by default and almost nobody turns it off on their routers.

If at least one device at your home gets infected with malware, UPnP will help trojans connect to malicious servers from the inside of your network and download other malware, adware and who knows what else.

That’s why I strongly recommend you to disable it in your router’s settings:

Here are some extra measures to protect your Wi-Fi router.

These are optional measures to improve your wireless security. You may use them if only you are an advanced user and they suit your case.

Decrease the Wireless Transmitter’s Power

In many cases people don’t need their wireless router’s Wi-Fi transmitter to work at the maximum power.

Of course, you may have a large house and may need to set up an additional access point to extend the range of your Wi-Fi network to cover all territory.

But if your router is enough for your small apartment, try decreasing its transmit power in such a way that it reaches only those places where you really need to use your wireless network.

The idea is simple – make your wireless network inaccessible outside of your apartments.

If your set the transmit power to Low in the router settings the potential hackers won’t be able to connect to your hotspot from the outside due to the weak signal.

Change IP Address Range to Non-Default and Disable DHCP Server

First, you can switch to 192.168. 201.0 subnet rather than continue using default 192.168.0.0 or 192.168.1.0 subnets.

Secondly, you can assign static IP addresses for all devices on the network manually. This will make the process of obtaining the correct IP address much more difficult.

Extreme Security Options

In the end, I’d like to give you some extra information regarding extreme security measures.

Be sure that the following methods will definitely improve the security of your Wi-Fi router and the entire network. But the thing is that they can be incompatible with some of your older client devices.

Switch to Strict WPA3 Mode

If the devices you use the most support the latest WPA3 authentication method consider dropping support for WPA2 (let alone WPA and god forbid WEP). In this guide I explained how to configure it.

Stop Using the Mixed Standard Mode

Similarly you may want to switch your router to Wi-Fi 5 or Wi-Fi 6 standard and cut the support for earlier standards.

If you’d like to give it a try, simply log in to your router’s config page and change “802.11a/b/g/n/ac mixed” to “802.11ax only” or “802.11ac only” mode. On some routers you can also find the “802.11ac/ax” option.

This will make your Wi-Fi hotspot visible only to those clients that support the latest standard generations.

Why do it? The answer is simple: by applying such measures you narrow the circle of devices that will be able to even detect your network. And consequently, the less attack attempts — the better performance.

Conclusion

Take your router security serious especially when it comes to wireless networking. Wi-Fi is in the air and you never know for sure whether or not someone nearby is thinking of hacking your network.

Remember: the more outdated mechanisms you use, the more vulnerable your network is. That’s why you should switch to modern authentication methods and encryption type as soon as possible. Even if you have to stop using some of your old client devices.