Back to How To Guides
How To Guide

How to Secure Your Router Against Unauthorised Access

Protect your home network from hackers and unauthorised users. Change default passwords, update firmware, configure encryption, and lock down your router.

Overview

Routers are prime targets for hackers. Default passwords, outdated firmware, and weak security settings leave networks vulnerable. This guide secures your router with essential protections.

Step 1: Secure Admin Access

1

Change Default Admin Password

  • Access router settings (usually 192.168.1.1 or 192.168.0.1)
  • Log in with default credentials (check router label)
  • Navigate to Administration, Management, or System
  • Find "Change Password" or "Admin Password"
  • Create strong password (12+ characters, mix of letters/numbers/symbols)
  • Save and log back in with new password
Critical Security Step:

Default admin passwords like "admin" or "password" are publicly known. Hackers try these first. Changing this is your most important security step.

2

Change Default Admin Username

  • If router allows, change default username too
  • Not all routers support this
  • Use unique username (not "admin")
  • Makes brute-force attacks harder
3

Disable Remote Management

  • Router settings → Advanced → Remote Management
  • Turn OFF remote access/management
  • Prevents access to router from internet
  • Only enable if absolutely necessary for specific services
  • If enabled, use VPN instead of direct access
4

Enable HTTPS for Admin Interface

  • Some routers allow HTTPS-only admin access
  • Administration → Security
  • Enable "HTTPS" or "Secure Administration"
  • Access router with https:// instead of http://
  • Encrypts login credentials

Step 2: Secure Wi-Fi Network

1

Use Strong Wi-Fi Password

  • Minimum 12 characters (16+ recommended)
  • Mix uppercase, lowercase, numbers, symbols
  • Avoid dictionary words, names, dates
  • Example: "MyH0me!WiFi#2024"
  • Don't share password widely
  • Use guest network for visitors
2

Use WPA3 or WPA2 Encryption

  • Wireless Security settings
  • Select WPA3 Personal (newest, most secure)
  • If devices don't support WPA3, use WPA2 Personal
  • Never use WEP (extremely insecure)
  • Never use Open network (no password)
3

Hide SSID (Network Name)

  • Wireless settings → SSID Broadcast
  • Disable "Broadcast SSID" or "Visibility"
  • Network won't appear in available networks list
  • Must manually enter network name to connect
  • Provides security through obscurity
  • Not foolproof but adds layer of protection
Trade-off:

Hidden SSID is less convenient (guests can't see network). Best for homes without frequent visitors. Use guest network instead if you have many visitors.

4

Disable WPS (Wi-Fi Protected Setup)

  • WPS allows easy connection via button or PIN
  • But WPS PIN is vulnerable to brute-force attacks
  • Wireless settings → WPS
  • Disable WPS or set to "Disabled"
  • Manually enter password instead
5

Change Default Network Name (SSID)

  • Default SSIDs reveal router model (e.g., "NETGEAR-5G")
  • Hackers know vulnerabilities for specific models
  • Change to non-identifying name
  • Avoid personal information (no surnames, addresses)
  • Example: "HomeNetwork2024" not "SmithFamily"

Step 3: Keep Firmware Updated

1

Check Current Firmware Version

  • Router settings → Administration or System
  • Look for Firmware Version or Software Version
  • Note version number and date
  • Compare with manufacturer's latest version
2

Update Firmware

  • Administration → Firmware Update
  • Click "Check for Updates" or "Update"
  • If available, download and install
  • Router reboots during update (5-10 minutes)
  • Don't interrupt update or power off router
Important:

Never unplug router during firmware update. Interruption can brick router (make it unusable). Update when you can wait 15 minutes.

3

Enable Automatic Updates

  • Modern routers support auto-updates
  • Administration → Auto Update or Automatic Firmware
  • Enable automatic updates
  • Router checks and installs updates overnight
  • Ensures security patches applied promptly
4

Manual Firmware Update (If No Auto Option)

  • Visit router manufacturer's support site
  • Search for your router model number
  • Download latest firmware file (.bin or .img)
  • Router settings → Firmware Update
  • Choose "Manual Update" or "Browse"
  • Select downloaded file
  • Click Update and wait for completion

Step 4: Advanced Security Features

1

Enable MAC Address Filtering

  • Wireless → MAC Filtering or Access Control
  • Enable MAC filtering
  • Add MAC addresses of your trusted devices
  • Find MAC on device: Settings → About or ipconfig /all
  • Only listed devices can connect
  • Tedious to maintain but very secure
2

Disable UPnP (Universal Plug and Play)

  • Advanced → UPnP
  • Disable UPnP
  • UPnP allows devices to open ports automatically
  • Convenient but creates security vulnerabilities
  • Manually forward ports if needed for games/services
3

Enable Router Firewall

  • Security → Firewall
  • Ensure firewall is enabled
  • Usually enabled by default
  • Blocks incoming unauthorised connections
  • Configure firewall level (High, Medium, Low)
4

Disable Unused Services

  • Advanced settings
  • Disable services you don't use:
  • Remote Desktop (unless needed)
  • FTP server
  • Telnet (use SSH instead if available)
  • Guest USB access
  • Every disabled service reduces attack surface
5

Review Connected Devices Regularly

  • Router settings → Device List or Connected Devices
  • Check monthly for unknown devices
  • Note device names and MAC addresses
  • Block any unfamiliar devices
  • Change Wi-Fi password if suspicious device found
6

Enable Logging and Alerts

  • Administration → Logs or System Log
  • Enable logging
  • Configure email alerts for:
  • New device connections
  • Failed login attempts
  • Firmware updates
  • Review logs periodically for suspicious activity
7

Backup Router Configuration

  • Administration → Backup or Save Configuration
  • Download configuration file to computer
  • Store safely (password-protected folder)
  • Allows quick restore if router reset needed
  • Update backup after major changes
8

Security Checklist Summary

  • ✓ Changed default admin password
  • ✓ Disabled remote management
  • ✓ Using WPA2/WPA3 encryption
  • ✓ Strong Wi-Fi password (12+ characters)
  • ✓ Disabled WPS
  • ✓ Firmware up to date
  • ✓ Changed default SSID
  • ✓ Firewall enabled
  • ✓ Guest network configured
  • ✓ Regular device review scheduled

Need Business Network Security?

We provide enterprise router configuration, network security audits, and managed firewall services for businesses.

Get Security Audit Call 01726 76999