How To + Security & Privacy

How to Secure Your Home Router

Posted on June 22nd, 2018 by

How to secure your home router

A home router is your gateway to the Internet. When configured correctly to be secure, your home router can act as a first line of defense against network intruders. Configured incorrectly, however, and your router can be an open door allowing hackers and cyber-criminals to infiltrate your network and potentially access your computers and files.

Configuring a home router isn't complicated, but many people don't make needed changes to the default settings when they set up the device—and you might be one of them, but it's okay, we're here to help! Have you changed the default settings in your home router? When was the last time you checked your router settings to be sure it's as secure as can be? Follow along below, and we'll show you the main settings you can change right now to ensure your home router is secure and protects you from hackers.

How to Access Router Settings

For most routers, you access settings by way of a Web browser. One notable execution is Apple's Wi-Fi devices—configured using the AirPort Utility app—but in most cases, the IP address for the router is 192.168.1.1. Type this IP address in your Web browser and it will load a configuration page.

If this isn't the right address, you can find the correct address on a Mac by holding down the Option key and clicking the Wi-Fi menu in your menu bar. You'll see a lot of information, including your router's IP address.

Another way to find this is to open System Preferences > Network > Advanced. Click the TCP/IP tab, and you'll see your router's IP address in the data presented.

Change the Administrator's Password

In order to be able to configure your new router, these devices are generally shipped with a default administrator's password. Often the default username is admin and the default password is admin. You'll find your router's default username and password in your router's documentation, and if you don't change it, anyone who can access the router will be able to change its settings.

Don't think that hackers don't know what these passwords are; there are plenty of websites (like this one) that provide a database of default passwords. This is great if you have a new router and can't find the password, but it's also great for hackers if they want to hack into your home router.

The first thing you should do when setting up your home router is change the default password. Don't think that simply creating a new user with a secure password is sufficient enough to secure your home router; instead, you must change the default administrator's password, because that account will always be able to access the router. And, of course, make sure it's a secure password! (RELATED: How to Create Secure Passwords.)

Change the Wi-Fi Password

There's one password to access a router's settings, and there's another password to access its Wi-Fi network. Some routers will have a simple default password—similar to the administrator's password mentioned above—and others may not set a password at all. As above, create a secure password, but one that is easy to remember; you may need to give it to friends, family, or other visitors, so they can share your network.

If your router offers a guest network feature, turn that on, and set a password. When visitors want to use your Wi-Fi, have them use that network, rather than the one you use. It prevents them from accessing any of your devices that use the main network.

Change the SSID

The SSID is the name of your router's Wi-Fi network that is broadcast. You'll see this when you go to connect to a new network, such as in the iPhone's Wi-Fi settings.

There are a number of reasons why it's a good idea to change this, which we discuss in great detail on a recent episode of the Intego Mac Podcast.

Don't choose a name that identifies you, and don't include any personally identifiable information. If you use such information and live in an apartment, for example, people will know whose network it is, and this may tempt them to try and access it.

Update Firmware

Every computing device has firmware, or software that is stored on a chip that is used to run the device. And given the security needs of a router, it's likely that this is updated from time to time. Check your router's settings and see if there are any firmware updates. If you're not sure, check the manufacturer's website. Some routers allow you to turn on automatic updates; if possible, do this, so you don't have to worry about checking for new firmware. Unlike on a computer or mobile device, you won't get any notifications that new firmware is available, unless you go to the router's settings.

Turn Off UPnP

UPnP, or universal plug and play, is a feature most routers have that allow apps or devices to send and receive traffic through routers. It may make it easier for you to use certain devices, such as video game consoles and media servers, which may need to receive communications from outside your network, but this can be a security risk. If you need this feature, you probably know why; if not, it's a good idea to turn this off.

Turn Off Wi-Fi if You're Not Using It

Some people may use a router to connect to the Internet, but then use another device to provide Wi-Fi in their homes. In my case, for instance, because of the location of my router and the size of my home, the router's Wi-Fi couldn't reach far enough. So I bought a NetGear Orbi mesh Wi-Fi system, which allows me to have coverage in every room of my house. Since I don't need the Wi-Fi on my router, I've turned it off. Leaving it on would mean that there is a potential for someone to discover my network and access it. And turning it off reduces potential interference for the Orbi.

Also, some routers provide two Wi-Fi networks: one using the older, slower 2.4 GHz spectrum, and another using 5 GHz. Depending on your devices, you may not need both of these turned on. Check to see whether you can turn off one of these networks; doing so is more secure, and it could speed up your network throughput a bit.

Going Further...

There are more settings on your router, such as MAC address whitelisting, which lets you tell your router to only allow certain devices to connect to it; for instance, USB file sharing, which lets you connect a hard drive to the router, but which could allow hackers to access files, and more. Have a look through the settings, then check your manual, to find any features that are enabled that you don't need to use, and turn them off.

Further Reading:

About Kirk McElhearn

Kirk McElhearn writes about Macs, iPods, iTunes, books, music and more on his blog Kirkville. He is co-host of The Committed: A Weekly Tech Podcast, and a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. Kirk has written more than twenty books, including Take Control books about iTunes, LaunchBar, and Scrivener. Follow him on Twitter at @mcelhearn. View all posts by Kirk McElhearn →
  • Charlie Lewis

    All very good recommendations, but most all are unavailable to those of us who use the devices provided by our ISPs.

  • Figo

    “Also, some routers provide two Wi-Fi networks: one using the older, slower 2.4 GHz spectrum, and another using 5 GHz. Depending on your devices, you may not need both of these turned on. Check to see whether you can turn off one of these networks; doing so is more secure, and it could speed up your network throughput a bit.”

    Please provide the technical rationale behind this, as I’ve never seen a security engineer make this recommendation before. Also 2.4 GHz has MUCH better wall penetration than 5 GHz, because the wavelength is longer, so limiting yourself to just 5 GHz would only work in locations where you’re always in close proximity to your router.

Sign up For Our Newsletter

Get the latest Mac security news direct to your inbox.

{"url":"\/marketo\/json\/add-to-newsletter","data":"list_name=Blog Roadblock"}