Your home Wi-Fi network is the gateway to every device in your house. A poorly secured router means anyone nearby can potentially access your internet traffic, your devices, and through them, your accounts. Most people set up their router once and never think about it again. Here's what you should actually do.
Change the Default Admin Password
Every router ships with default admin credentials that are publicly known. A quick Google search for your router's model number will return the default username and password. Anyone on your network — or using certain vulnerabilities — can use these to access your router's settings, redirect your DNS, or monitor your traffic.
Log into your router's admin interface (usually 192.168.1.1 or 192.168.0.1 in your browser), find the admin password settings, and change it to something strong and unique.
Use WPA3 Encryption
Wi-Fi security is determined by the encryption standard your network uses. The options, from weakest to strongest: WEP (obsolete, crackable in minutes), WPA, WPA2, WPA3. In your router settings, set your security type to WPA3 if available, or WPA2/WPA3 mixed mode. Never use WEP.
Change Your Network Name (SSID)
Default SSIDs often contain your ISP's name or router model ("NETGEAR-5G-B2A0"), which tells attackers exactly what hardware you're using and what vulnerabilities to target. Change it to something neutral that doesn't identify you or your equipment.
Don't include your name or address in your network name.
Create a Guest Network for IoT Devices
Smart TVs, smart speakers, thermostats, cameras, and other IoT devices are notoriously poorly secured. If one gets compromised, an attacker on your main network can potentially reach your computers and phones. Put all IoT devices on a separate guest network to isolate them.
Most modern routers support guest networks. Enable one, connect your smart home devices to it, and keep your computers and phones on your main network.
Disable Remote Management
Many routers have a "remote management" feature that allows configuration from outside your network. Unless you specifically need this, disable it. It's an attack surface that doesn't need to exist.
Enable the Router's Firewall
Most routers have a built-in firewall that's off or in a default permissive state. In your router settings, ensure the firewall is enabled and set to block unsolicited incoming connections.
Update Your Router's Firmware
Router manufacturers release firmware updates to patch security vulnerabilities. Many routers never receive these updates because the owner doesn't know they exist. In your router's admin interface, look for a firmware update option and check for updates. Some modern routers can be set to update automatically.
Consider a Privacy-Focused DNS
Your router's DNS settings determine which servers translate domain names to IP addresses. By default, this goes through your ISP, which can log every website you visit. Change your router's DNS to a privacy-respecting alternative: 1.1.1.1 (Cloudflare), 9.9.9.9 (Quad9), or 94.140.14.14 (AdGuard DNS, which also blocks ads network-wide).