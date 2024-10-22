If you've picked up a new router or you're building a mesh network, you probably want to bolster your home Wi-Fi security. After all, anyone on your network can see what's going on inside of your network and can connect to all of the devices inside of it, too. That's why it's important to keep things safe and secure, and these tips are where you should begin.

6 Change your Wi-Fi password

Make it safe and secure

Some routers come with a default Wi-Fi password, and while sometimes that password is secure, it can also be a rather basic password that might be easily looked up. Worse still, sometimes the Wi-Fi password might be directly related to the SSID. While I imagine this isn't a common problem anymore, in the past, Wi-Fi passwords that "look" secure have been cracked by using the SSID to derive the password using an algorithm that the manufacturer had used.

On top of that, it's just a good thing that you don't have a physical print-out like that to access your Wi-Fi just easily accessible in an obvious place, especially if you frequently have people in your home that you wouldn't want to connect to your Wi-Fi. You should change your Wi-Fi password if you haven't already.

5 Use WPA3 to protect your network

Or WPA2 at a minimum

Wi-Fi connections are protected by encryption standards, and one of the most important things you can do is ensure that your network is using the latest, most secure encryption method. The current standard is WPA3 (Wi-Fi Protected Access 3), which offers stronger security features than previous versions, making it harder for outsiders to crack your password and intercept data. If your router supports WPA3, enable it in the settings.

If your router is a bit older and doesn’t support WPA3, make sure it’s at least using WPA2. This is the minimum level of encryption you should have enabled. Avoid using WEP (Wired Equivalent Privacy), as it’s outdated and vulnerable to attack.

4 Create a guest network

Good for security and management

Using a guest network is a great way to improve the security of your home network, but there are other benefits as well. The guest network basically creates a separate SSID that your guests can connect to, while your personal devices (such as computers, phones, or smart home hubs) remain on a private network. Many routers have guest network functionality, and you can often limit the bandwidth or connection time for guests as well.

On some of the best Wi-Fi routers, you can choose whether guest devices on your local network can see each other or devices on your main network. If you want to do basic local networking, like casting a video from a phone to a TV, you could enable these options. You can also enable bandwidth limitations or put your smart devices that might be insecure onto your guest network.

You could even then set up a Pi-Hole on this guest network to filter out malicious requests for other people connected to it.

3 Disable remote management

Prevent your router from being modified externally

Many routers have options that allow you to remotely access their control panel from anywhere, so long as you have your home's IP. While this may sound like a useful feature, it's not a good idea to keep enabled unless you really need it. There's basically no instance where you will need to modify your router settings if you're not home, but leaving it exposed like that can allow anyone on the internet to try to get into your router.

In other words, turn this feature off, especially if you don't know what you would want to use it for. If you need to modify your router externally, it's better to use a remote access tool to connect to your PC and then access your browser through your PC at home.

Just like all of your other devices, router manufacturers release firmware updates to patch security vulnerabilities and introduce new features all the time, especially if you have a good router. However, plenty of people forget to do these updates, and many people may never even update their router after they purchase it. That's why you should check for updates, and enable automatic updates if they aren't already enabled.

While your router probably isn't going to be targeted in that way, most people aren't targets in general for attacks. That's why you should keep it up to date regardless, just to make yourself even less of a target.

1 Disable WPS

PIN codes can be brute-forced

WPS, known as Wi-Fi Protected Setup, is a feature that allows you to simply press a button on a router (typically on the back) to broadcast a PIN and then connect with your device. This feature is convenient but has since been deprecated by the Wi-Fi Alliance in favor of Wi-Fi Easy Connect.

If you have an older router you should disable WPS on it so that it can't be used as an attack vector.