Quick Links

Securing your Wi-Fi network isn't super hard, but you do have to take a moment or two to do it. Here are some common mistakes people make so you can avoid them, secure your network, and get back to enjoying the internet stress-free.

Wi-Fi Security Isn't Hard, It's Just a Hassle

Before we highlight the simple ways people leave their home networks vulnerable to exploitation, let's highlight the most common reason why their networks end up vulnerable in the first place: it can be a hassle to fuss with settings and update hardware.

It's not an end-of-the-world level hassle but a hassle nonetheless, and when you're busy, it's easy to put it off. But if you've been putting it off for a while, we'd strongly encourage you to set aside some time and update your Wi-Fi settings (and router, too, if need be).

To change any of the settings we talk about in the rest of the article, you'll need to log you into a router to make adjustments. Here's how to find your router's IP address so you can plug it into a web browser on any device on your local network to access the router's control panel.

Your Wi-Fi Router Is Ancient

Nobody likes wasting money, and if your router seems to be working fine, replacing it certainly feels like a low priority.

But just because your Wi-Fi router still powers on (and, however slowly, feeds the internet to your smartphone and other gear) doesn't mean you should use it until it outright dies on you. In fact, it's probably time to throw your old router out.

Not only is old hardware slower and offers a worse user experience, but the older your Wi-Fi router the more likely it is that your router no longer gets firmware updates. No firmware updates means no security updates or patches. You're a sitting duck when new exploits are discovered for old hardware and the manufacturer is no longer releasing updates for your router. If yours is that old, then it's time for a new router.

You Never Update Your Router's Firmware

Speaking of firmware updates, if you don't have your router set to apply updates automatically or you never check for updates and manually apply them, you're leaving performance improvements and security updates on the table.

Staying on top of updates is among the lowest-hanging fruit in the Wi-Fi router security game and has the biggest benefits. Not only will your router be patched against new security vulnerabilities, but router updates include tweaks to radio optimization and other small improvements that make your router run better.

You're Using a Weak Password (or None At All)

You don't need to make your Wi-Fi password as long as possible, but there's no reason to use a weak one. Yes, typing in Wi-Fi passwords is a pain, especially if you're pecking on a little phone keyboard or, worse, a little touch screen on a networked printer or similar device, but we don't enter passwords that way enough to justify making our Wi-Fi network password something terrible weak like "password" or "qwerty."

Worse, don't leave your Wi-Fi network wide open unless you want your neighbors stealing your Wi-Fi or potentially getting a visit from lawyers, cops, or both because somebody did something illegal on your open Wi-Fi network. Might be time to check who is connected to your Wi-Fi network.

Sure, if you live in the absolute middle of nowhere and your nearest neighbor is a ten-minute walk down the road, running an open Wi-Fi network isn't as bad as it would be if you lived in an apartment building. But still, it's the equivalent of leaving your doors unlocked and your windows open. There's just no good reason to leave your Wi-Fi network wide open.

You're Using Outdated Security Standards

Right up there with using a weak password is using outdated security standards on your Wi-Fi router. The early iterations of Wi-Fi encryption protocols like WEP are so weak they can be cracked almost instantly. WPA and WPA2 are both compromised at this point, although WPA2 is still far better than WEP or WPA. All of them have been superseded by WPA3.

At this point in early 2023, when not all devices support the newest Wi-Fi encryption standard, your best bet is to upgrade your router to a model that supports not just WPA3 but also Transitional WPA2/WPA3 mode. This way, your older devices that can't use WPA3 will still connect to the router, and when you eventually phase them out, you can switch to just pure WPA3 mode.

You Haven't Updated the Default Administrator Password

Historically, consumer routers shipped with simple default passwords like admin/admin, admin/password, or other common combinations. Most people never updated from the default, and anyone who knew the default login for that particular router model could access it.

While some router manufacturers have transitioned towards using a pseudo-random password printed on the router label, it's still quite uncommon, and millions of routers still use the ol' admin/admin type default login. You should log into your router and change it.

You're Using the "Random" Wi-Fi Password

Speaking of pseudo-random, although manufacturers haven't done much to randomize the administrator password most routers now ship with a pseudo-random default Wi-Fi password printed right on the label.

The thing is, those pre-generated Wi-Fi passwords aren't as random as they seem, and they're usually on the short side. It's better to replace them with a strong and unique password.

You Haven't Disabled Insecure Services and Protocols

Your router includes many features intended to make using the router and connected devices easier. Unfortunately, things that make connecting devices easier usually come with tradeoffs and security vulnerabilities.

There are two big examples on consumer routers you should turn off immediately. One is Wi-Fi Protected Setup (WPS), which allows you to connect a device to your router with a button push. It has known vulnerabilities and you should disable it and set up your devices manually. The other is Universal Plug and Play (UPnP), a protocol that makes it easy for devices on the network to find each other and negotiate a connection.

Both of those things do exactly what they promise to do, but both have known vulnerabilities that expose your network.

You Have Remote Access Turned On

When you're at home, you can log into your router's control panel using a local address. When you are away from home, you cannot unless you have remote access turned on.

The vast majority of people do not need to make serious changes to their router while out and about or away on vacation. Unless you have a pressing need to administer your home network remotely, you should turn off remote access so only someone with physical access to your router's Ethernet ports or the Wi-Fi password could access the administrator login page.

You Don't Use Guest Networks

Back in the day, when guest networks were a rare feature on consumer-grade routers, you could be forgiven for giving people access to your main Wi-Fi network. But today, even inexpensive routers have guest network capabilities.

There's no reason anymore to give a guest in your home the primary network password. There are so many benefits to using a guest network on your Wi-Fi router, like isolating guests away from areas of the network they don't need to access (like your NAS, filled with personal photos and files). And it's easy to change the guest network password without disrupting your household. Only the guests need it, and they can get a new one the next time they visit.

When you enable your guest network, review our guide to guest network settings to ensure you've configured it in a way that is optimal for you and your guests.

You Put Smart Home Gear on the Main Network

Guest networks aren't just great for guests visiting your home. They're also great for corraling smart home devices so that they can still access the internet for any cloud-based functionality but can't connect with devices on your local network like your NAS or personal computer.

Internet of Things (IoT) design and security practices might not be something you think much about. But if you're even a little worried about the security problems IoT products potentially introduce, it's worth putting them on a guest network.

And by the way, although the name sounds good there's no point in using a "hidden" Wi-Fi network. If you are, you should stop hiding your W-iFi network. A hidden Wi-Fi network isn't as private as you might think, and it actually poses some unique privacy problems.