Dennis Hackethal’s Blog

My blog about philosophy, coding, and anything else that interests me.

How to Secure Your WiFi Router

Published · 1-minute read

Your WiFi router’s default settings can be dangerous. You should change them to secure your home network. I’m not a networking expert, so follow these steps at your own risk, but I believe they should make your home network more secure.

  1. Change default credentials to more secure alternatives.

    Routers usually come with default credentials printed on the casing somewhere. Use them once to set up your router, then change them to something more secure. The password is usually pretty short and not exactly safe from brute-force attacks. Use a password manager to generate store a more secure password for you, then update the password in your router’s admin panel.

  2. Change the default SSID to something else.

    The SSID is your ‘service-set identifier’, aka your network name. Automated hacking tools will try default settings first, so it’s a good idea to change the SSID to something new. Don’t include any personal information. Something like ‘cats-are-great’ is a fine SSID.

  3. Do NOT hide the SSID.

    It may sound counterintuitive, but hiding the SSID will just cause your devices to constantly ping the surrounding area asking if the known network is there. For example, if your cellphone is connected to your WiFi at home and then you take it outside, it constantly broadcasts your home SSID to the public. I’m not aware of any benefits to hiding the SSID.

  4. Disable Universal Plug and Play (UPnP).

    Depending on your router, UPnP settings can be located under ‘Device Discovery’.

    […] UPnP servers provide admin-like control over router configuration to any unauthenticated machine on the network over HTTP.

    As Dorsey explains, UPnP makes your router susceptible to DNS-rebinding attacks. These are powerful attacks that can control other devices on your network (IoT) and even de-anonymize TOR users. Nasty stuff.

  5. Disable remote management.

    Again useful for reducing attack vectors, particularly IoT-related ones.

  6. Enable WPA3, if available.

    WPA3 (WiFi Protected Access 3) is the latest security standard for WiFi networks. It offers the best encryption and password protection. If you have so far been using WPA2, force previously connected devices to switch to WPA3 by ‘forgetting’ and rejoining the network, otherwise they may continue using WPA2. Once again, use a password manager to generate a strong password.

What people are saying

What are your thoughts?

You are responding to comment #. Clear
Markdown supported. cmd + enter to submit. You have free speech here. You’re responsible for what you write. Terms, privacy policy
Your real name is preferred.
This small puzzle helps protect the blog against automated spam.

New GPG-sign your comment to create or add to a public profile with all your comments. Your name is derived from your public key. No puzzle required.

Paste a detached signature of your comment. 

              


              

                
                
                
                  Paste your public key if you haven’t before. You consent to your key’s contents being displayed to the public.
                
                

              

            

          

        

      

    

    

      
Preview

      


    

  


  



  

    
   Be notified of new comments on this post
  via RSS