Wait! We Have a Special Deal!

Get CactusVPN for $3.5/mo!

Save 64% Now
30-Day Money-Back Guarantee

How to Secure WiFi at Home (17 Tips)

Secure Wi-Fi

Your online experience has probably become much better ever since you outfitted your home with WiFi. But did you also take the proper security measures to make sure your network can’t be compromised?

If no, here’s how to secure WiFi at home to make sure that cybercriminals will think twice about picking your network as a target.

Why Secure Home WiFi in the First Place? Isn’t It Already Safe to Use?

It depends. You might go your whole life without ever encountering a security issue or cyber attack, or you might be unlucky enough to be targeted by cybercriminals who found out your WiFi’s security is very lax. If that happens, they can listen in on your WiFi traffic and steal any sensitive financial and personal data they want from you.

Unfortunately, the second scenario is far from speculation. As it seems, millions of WiFi networks are actually at risk of being hacked. And like this article shows, hacking a home WiFi network isn’t that difficult.

To avoid something like that, it’s best to take the proper measures. Don’t worry, though – you won’t need to do tons of research by sifting through numerous articles and eBooks since we already got all the info you need right here.

Here Is Exactly How to Secure WiFi at Home

1. Change Your Network’s SSID

If you don’t know what an SSID (Service Set Identifier) is, it’s basically the name of your WiFi network. By default, your router’s SSID will be one of the following:

  • The brand name and/or router model if you got the router directly from the manufacturer.
  • Your ISP’s name if you got the router from them.

If your network’s name reflects the model of your router, it can be a security risk. Why? Because a hacker could see the SSID, and just look up the router’s manual online. If you haven’t changed the default login credentials (like we’ll be discussing in the next tip), the cybercriminal can find that information in the manual, and use it to hack into your router’s console.

If the network’s SSID is just your ISP’s name, it’s not that bad, but it’s still a privacy leak. A very skilled scammer could go to great lengths, like using that information to send phishing attacks to your ISP to steal sensitive information about you. Sure, it’s not something that’s too likely to happen, but there’s always a risk – and it’s not worth taking it.

So, it’s best to just rename your WiFi network. You don’t need to come up with anything too fancy – no political jokes, real names and addresses, or any jokes or references that could give away your identity. Just keep it as bland as possible so that it doesn’t attract any attention.

2. Don’t Keep the Default Password and Username

Pretty much every single router comes equipped with a default password and username. It makes it easy for router owners to quickly access the router’s control panel, but it also makes it simple for hackers to break into routers too. Just think of it – some cybercriminal could just download a router manual in PDF format on the web, and use the login credentials provided in it to break into a specific router.

Pretty scary, right?

That’s exactly why you need to change your username and password – right now if possible. If you’re not sure how to come up with strong passwords, you can use the guide we wrote on that topic for inspiration. You can even use the info there to create a secure username too. Basically, these are the main ideas:

  • Use space characters if possible.
  • Don’t use dictionary words. If you do use real words, just reverse them.
  • Mix together uppercase and lowercase letters, numbers, and symbols.
  • Make your password and username over 15 characters long.
  • Avoid obvious substitutions (like “$” instead of “s”).
  • As a last resort, make your username and password an acronym for a phrase (“YutvtWHe2y“ for “You used to visit the White House every 2 years.”).

And be sure to change the password and username on a regular basis. Once every few months should be okay, but you can also change them monthly or weekly if you feel safer that way.

Also, if you have multiple routers, consider using a password manager (like KeePass, KeePassXC, LessPass, or Bitwarden ) to make keeping track of multiple passwords easier. If you just have one password, however, you can just write it down on a notebook you keep in locked drawer or safe.

3. Don’t Share Your WiFi Password With Everyone

It’s pretty normal to share your WiFi password with your kids or close friends, but you don’t have to give every single person who comes into your home access to it. For example, it’s not really recommended to give your work colleague who you don’t know that well but stopped by to grab some papers and use your bathroom access to your WiFi password. The same goes for visiting salesmen, plumbers, gardeners, or electricians too. Your home isn’t a hotel or a restaurant, after all – they should be using their own data plan instead.

Still, a good workaround in this case is to set up a guest network. This way, you can offer your visitors access to it, and you won’t have to worry about the privacy of your main network (and any devices connected to it) being compromised.

4. Activate WPA2 Encryption on Your Router

WiFi encryption is what makes sure that the wrong people don’t have unrestricted access to your WiFi and all data associated with it. A router can run WEP, WPA, and WPA2 encryption. Ideally, you should avoid WEP and WPA because they are pretty much obsolete, and can be exploited by cybercriminals with ease.

So, check if your router is running WPA2. If it’s running WEP or WPA, switch to WPA2 as soon as possible.

Still, don’t put all your faith in WPA2. While it is more secure than WPA and WEP, it has a weakness too – the KRACK attack. While the weakness was discovered by ethical hackers, there’s nothing stopping ill-intended cybercriminals from using these methods to break your router’s WPA2 encryption.

The people behind the KRACK attack recommend keeping up with firmware updates, but that’s not guaranteed to stop KRACK cyber attacks. Luckily, WPA3 will eventually be released, and that is supposed to fix this vulnerability. Until it becomes widespread enough for you to upgrade to it, though, make sure you follow the rest of the security practices we mention in this guide alongside using WPA2 encryption.

5. Set Up a VPN Connection on Your Router

A VPN (Virtual Private Network) is an online service that can help you hide your IP address, and secure your online connections by encrypting them. It’s a great service to use when using public WiFi because it makes sure nobody can monitor what you do on the Internet.

Well, not many people realize this, but you can also use a VPN on a router right in your own home. True, routers aren’t known to natively support VPNs, but a reliable VPN provider can help you configure their service on your router if its firmware can be tweaked a bit. That way, all the devices that use your home WiFi network will get to use VPN features, meaning all your WiFi traffic will be 100% encrypted by the VPN.

In that case, you won’t even need to worry about a cybercriminal managing to break your WPA2 encryption because the VPN’s encryption will be right there to offer more protection. What’s more, a VPN on a router will protect you from the dangerous effects of WiFi poaching (when someone uses your WiFi without your permission – often for illegal purposes).

Need a Powerful VPN to Secure Your WiFi?

We’ve got just what you need – a high-end solution that offers military-grade encryption, DNS leak protection, and multiple highly-secure VPN protocols.

Not only that, but our service offers high speeds, unlimited bandwidth, and we adhere to a strict no-log policy that ensures your privacy is fully protected.

Special Deal! Get CactusVPN for $3.5/mo!

And once you do become a CactusVPN customer, we’ll still have your back with a 30-day money-back guarantee.

Save 64% Now

6. Don’t Keep Your WiFi On if You’re Not Using It

One way to reduce the risk of your WiFi network becoming the target of a cyber attack is to simply turn it off when you don’t need it. For instance, do you really need to keep your router on when you’re at work, on vacation, or sleeping? It’s better to turn it off in those situations to close off any windows of opportunity hackers might have when you’re away from home or sleeping.

Plus, besides the extra security, turning off your router when you’re not at home will protect it from random electrical power surges, help you save a few extra $ in electricity bills, and also protect the environment.

7. Keep the Router in the Middle of Your Home

“Does it actually matter where I keep the router in my home?”

Yes, it does. And it doesn’t just have to do with making sure all your rooms have enough WiFi coverage. It’s mostly about ensuring that the wrong people don’t have access to your WiFi signal.

After all, if you place your router close to a window, some of its signal will go outside, meaning people walking down the street will see it on their mobile devices. At the same time, if you keep your router too close to a wall, there’s a good chance some WiFi signal will reach your neighbor’s house.

That’s why you should keep the router in the middle of your home. It’s a better way of ensuring strangers don’t get the chance to exploit your WiFi signal. You can even try testing out the range by walking around the place where you live with your phone in hand to see if it detects your WiFi signal.

Unfortunately, this advice won’t work too well if you live in an apartment building since your neighbors upstairs or downstairs might still get some of your WiFi signal no matter where you place the router in your home. It’s more useful to do this if you live in a house.

8. Disable Remote Access ASAP

Remote access has its appeal since it lets you control your router’s console over the web without having to use a device that’s connected to your home WiFi network. It’s a good way to solve problems or tweak settings when you’re not at home, and your kids have trouble with the WiFi, for example.

However, remote access also has its downside. If you can use the web to remotely access your router’s console, so can a skilled hacker. The last thing you want is some cybercriminal hijacking your admin account, and abusing your WiFi network to steal sensitive data from you.

So, make sure you turn off this feature if it’s enabled.

9. Outfit Your WiFi With Antivirus/Antimalware Protection

Yes, there actually exist antimalware/antivirus services for routers. How easy they are to set up completely depends on how simple the provider makes it. Regardless of that, if you want to learn how to secure WiFi at home, you need to add this extra layer of protection. Malware attacks have previously targeted routers, so it’s not the kind of thing that should be taken lightly.

WiFi antimalware/antivirus security can come in both software and hardware formats. Some of the best router security solutions that protect your network and the devices connected to it include:

10. Make Sure Your Router’s Firewall Is Enabled

Most routers have a built-in firewall. To check if it’s turned on, just access your router’s console, and check the tab that’s related to security. If you see that the firewall isn’t enabled, turn it on. A firewall is a nice way to offer your home WiFi some more protection since it can be configured to prevent malicious traffic from exploiting your network.

If your router doesn’t happen to have a built-in firewall, you can always purchase a hardware one. Most of the services we linked above work well.

11. Disable UPnP (Universal Plug ‘n Play)

UPnP is actually pretty useful for a router since it lets it communicate with the manufacturer’s website to get updates and other files. UPnP is the protocol that allows smart devices to connect to the Internet in order to offer smart features as well.

Unfortunately, UPnP is also a protocol that’s easy for hackers to exploit. In the example we linked, cybercriminals managed to use UPnP to add around 65,000 routers to a botnet that was involved in criminal activities like phishing, credit card fraud, account takeover, click fraud, and malware distributions – just to name a few “highlights.” Besides that, UPnP has also been used in other malware attacks as well.

That’s exactly why you need to make sure UPnP capabilities and compatibility are turned off on your router and smart devices. To make sure you can get some utility out of it and your smart devices, though, turn off UPnP only after you have got them set up and running.

12. Don’t Use WPS (WiFi Protected Setup)

WPS is pretty convenient since it offers alternative ways to connect to a home WiFi network than just typing in the long password. The methods include:

  • Typing in an eight-character PIN code.
  • Pushing a WPS button on the router.

Sounds much simpler, right?

That’s true, but there’s one big problem – WPS is pretty risky, and puts your WiFi security in danger. For one, the eight-digit PIN isn’t a secure login method since an eight-character password is actually not that secure, and because the WPS eight-digit PIN can be brute-forced since the router checks the first four digits and the last four digits of the PIN code separately. Allegedly, a WPS PIN code can be brute-forced in about a day or so.

What about the WPS button? Well, it’s true that it’s much more secure than the PIN code since it needs to be physically pushed in order for the connection to be completed. However, there’s always a risk that the wrong person (a thief, someone your friends brought over who you don’t really know at all, etc.) could use the WPS button if they have physical access to your router to compromise your WiFi network.

All in all, you could just use the WPS button only if you really (emphasis on “really”) need to use this method of connecting to your WiFi. Just make sure that only trusted people can access it. But if you want to be 100% sure that WPS won’t endanger your WiFi and data, it’s best to just turn it off completely.

13. Make Sure Your Router Firmware Is Always Up-to-Date

Unlike most devices, router firmware updates are a bit more inconvenient. Some router models don’t support automatic update features, so you need to do it manually by browsing the manufacturer’s website. As for most routers that do support automatic updates, it’s a feature you still need to turn on since it isn’t enabled by default.

But all that effort is more than worth it. If you don’t regularly update your router’s firmware, there’s a pretty big chance that you’ll be exposing yourself to all sorts of potential cyber threats. For example, an update could fix something as critical as a bug that allows hackers to gain administrative privileges on your router.

14. Use MAC Address Filtering

Many routers have an option in their consoles called “MAC address filtering” or “MAC filtering.” MAC stands for Media Access Controller, and a MAC address is a unique identifier assigned to a device that can access the web. If you enable MAC filtering, it will make sure that only devices with the approved MAC address can connect to your WiFi network.

Please keep in mind that MAC address filtering is in no way guaranteed to offer you 100% WiFi security. If a cybercriminal were to have access to a WiFi packet sniffer, they’d be able to see the MAC addresses that are allowed on your network. From there on it’s just a matter of changing their own device’s MAC address to the approved address, and they’d be able to bypass MAC filtering.

MAC filtering is mostly useful if you want to make sure your neighbors aren’t abusing your WiFi and exposing it to security risks if they accidentally happen to find out what your password is from you, your friends, or your kids.

15. Keep an Eye on Port 32764

If you’re not familiar with ports, they are numbers assigned to various protocols which dictate how information is sent and received over the Internet. Port numbers function like wireless channels, and blocking one number means a specific protocol is blocked. For example, if you block port 443, you block all HTTPS traffic.

Well, port 32764 is pretty problematic. Why? It’s simple – because it can allow cybercriminals to abuse it in order to monitor sensitive data, and execute all sorts of commands. And here’s the worst part – since 2014, it was pretty known that some router models listened at port 32764.

Now, having a port that is a open is enough of a security risk on its own, but having one that’s so easy exploit be open is even more dangerous. While that issue was allegedly fixed, a firmware update apparently re-introduced the ability to open that port again.

It seems that this issue is mostly restricted to SerComm. Not bad. You just avoid SerComm routers, and everything should be okay, right?

Not exactly. The main problem is that SerComm manufactures and supplies routers to other companies like Cisco, Linksys, Netgear, and Diamond. We recommend checking this list to make sure your router isn’t compromised.

The port listening process can only be activated from within the network, but we still advise using this link to check if your router has the port open. If it does, you need to contact your router supplier ASAP, and ask them for assistance. Normally, they should be able to offer you a solution (like a patch). If they can’t, it’s best to find another company, and get a more secure router from them.

Unfortunately, if you just close the port, it won’t solve the problem. It was already opened once, so it can be opened again.

16. Hide Your Network’s SSID

Just because you have a home WiFi network doesn’t mean you need to broadcast it to the world. It’s best to turn off SSID broadcasting so that it doesn’t attract any unwanted attention. Doing this also helps you avoid having to uncomfortably deny new visitors to your home their requests for your WiFi password since they’ll just see “Hidden Network” or nothing at all on their WiFi connection list.

Of course, if you buy a new gadget, things can be a bit annoying since it won’t be able to connect to your network. But you can easily solve that problem by just enabling SSID broadcasting until the new device is connected, and disabling it again. Don’t worry – connected devices won’t have any trouble reconnecting even if the network is hidden.

17. Lastly – Secure the Devices That Are Always Connected to Your WiFi Network

There’s no point learning how to secure WiFi at home if you don’t also secure the devices that are connected to your network all the time – like your laptop or mobile device, for example. If they become compromised, and you connect them to your WiFi network, it too can become compromised.

To make sure most of your devices are safe, do the following:

  • Install antimalware/antivirus programs on all the devices you can.
  • Install VPN software on the other devices even if you have one configured on your router.
  • Don’t let people you don’t know too well insert USB sticks into your computer or laptop.
  • Make sure all your operating systems and security software are up-to-date.
  • Schedule security scans every day.
  • Don’t interact with shady messages, use script blockers in your browsers (uMatrix and uBlock Origin), and use anti-phishing extensions.

And since you can’t secure your guests’ devices, that’s another good reason to set up a guest WiFi network for them, so that there’s no risk your main network will become accidentally infected with any malware.

How to Secure WiFi at Home – The Main Idea

Home WiFi is one of the most convenient technological developments of the past decades. Unfortunately, it’s not really perfect seeing as how it has many vulnerabilities. So, if you want to know how to secure WiFi at home, here’s what you should try doing:

  • Enable firewall protection on your router. If it doesn’t have a built-in firewall, get a hardware one.
  • Enhance your network’s security with antivirus/antimalware solutions.
  • Configure a VPN on your router to enjoy more encryption.
  • Turn on WPA2 encryption on your router, but keep in mind it’s not 100% secure.
  • Change your network’s SSID, and change the default username and password too. Also, consider disabling SSID broadcasting.
  • Don’t share your WiFi password with everyone. Set up a guest network instead.
  • Disable WPS, UPnP, remote access, and enable MAC address filtering while you’re at it.
  • Make sure your router isn’t listening at port 32764.
  • Always keep your router’s firmware up-to-date.
  • Ensure that all the devices you use to connect to your WiFi on a regular basis are secure.
  • Make sure your router is in the middle of your home, so that its signal doesn’t reach outside.
  • If you’re not using your WiFi (like when you’re sleeping, at work, or on vacation), turn it off.
Posted on
By
Tim has been writing content and copy for a living for over 4 years, and has been covering VPN, Internet privacy, and cybersecurity topics for more than 2 years. He enjoys staying up-to-date with the latest in Internet privacy news, and helping people find new ways to secure their online rights.