With so much internet traffic passing over Wi-Fi in modern times, it makes sense to look at the security and safety of wireless networks, both in public places and private homes.
With a lot of network traffic containing sensitive information like private emails, login passwords and financial details, online security is more important now than ever. Just how secure is modern Wi-Fi?
Put simply, modern wireless networks in homes tend to be reasonably secure, but still have certain vulnerabilities and weaknesses that can be addressed.
We will look at the present state of Wi-Fi technology including potential security weaknesses and vulnerabilities in public Wi-Fi in particular and possible solutions to the problem, including changing various router settings and Virtual Private Networks (VPNs).
Here’s a quick summary of the main things to do to make your Wi-Fi more secure:
- Make the router and Wi-Fi passwords long and complex.
- Disable the WPS or auto pairing system on your router.
- Use a VPN to encrypt and secure connections on a device.
- Use MAC filtering to only allow specific devices onto a router.
- Set up a Guest Network on your router.
- Make sure your router and devices are up to date.
- Hide the SSID of your router.
- Don’t use the WEP security protocol (switch to WPA instead).
- Keep the router in a safe, secure location in public buildings.
- Use wired connections instead of Wi-Fi.
Let’s look at each point in more detail below.
Tip #1 – Use Long, Complex Router & Wi-Fi Passwords
It is always a good idea to change the default username and password of your router, as hackers have lists of commonly used default usernames and passwords that they will try first to get into routers.
If someone has not changed their username and password from the default one supplied by their ISP then they will be first in line to be hacked.
To change your username and password you need to log in to your router by typing its IP address into the address bar of any browser.
Here are the general steps to change a router Wi-Fi password (brands obviously vary a little):
- Log in to your router. This usually means typing a specific IP address into a browser address bar; it is often 192.168.0.1, 192.168.1.1 or 192.168.1.254 or may be something different. If you don’t know it, it will be on the back of your router somewhere along with the login admin/password, or Google it.
- Type in the admin and password – again, these will be on the router somewhere or online. If someone has changed these then you’ll need to do a full factory reset of your router.
- Browse around the menus to find the place where you change your password. This may be under Wireless Settings/Security/Advanced, or there may be a specific option/button to change password.
- Find the Wi-Fi password boxes and change and confirm your new password. Make it complex, long and unique for maximum security.
- Save settings and exit/logout the router.
- You may need to quick reset the router just to refresh everything. There is usually a button to do this on most routers now.
- All devices should now have to enter the new password you set to access the Wi-Fi.
- For US readers – click the links to see specific steps for AT&T, Comcast/Xfinity and Verizon users.
- For UK readers – click the links for specific steps for BT, Virgin Media, Sky and TalkTalk
The username is often also called the SSID and needs ideally to be changed to something that is inconspicuous and known by your household but not easy to guess for strangers. For example, calling your router “familyrouter” is not very secure as it is an obvious name and easy to guess. Changing it to something like “walestrip2008” or something else that means something to your family but no one else is better as it is far harder for hackers to guess.
Similarly, passwords ideally need to be complex and hard to guess, with a mixture of numbers, letters, symbols, uppercase and lowercase to make them hard to crack. The default of “password” that so many routers come with is useless for security as it is the first thing hackers will try, so it is a good idea to change your password ASAP. Again, a memorable family phrase or inside joke that others will not guess might be a good option.
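As an added example (not part of the original article), the Python sketch below checks a candidate Wi-Fi password against the advice above and against the 8 to 63 character limit of WPA/WPA2, then shows that the key a router derives depends on the SSID as well as the password. The default list, the 16-character minimum and the sample values are assumptions made for the illustration.

```python
import hashlib
import string

# Constructed sample of factory-style defaults; add the values printed on
# your own router's sticker.
COMMON_DEFAULTS = {"password", "admin", "12345678", "changeme"}
MIN_RECOMMENDED = 16  # assumption for this example, not a figure from the article
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def audit_passphrase(passphrase: str, ssid: str) -> list:
    """Return the problems found with a WPA/WPA2 passphrase (empty list = OK)."""
    problems = []
    # WPA/WPA2-Personal only accepts 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("contains characters outside printable ASCII")
    if len(passphrase) < MIN_RECOMMENDED:
        problems.append(f"shorter than {MIN_RECOMMENDED} characters")
    used = sum(any(c in cls for c in passphrase) for cls in CLASSES)
    if used < 3:
        problems.append("mixes fewer than 3 of: lower, upper, digits, symbols")
    if passphrase.lower() in COMMON_DEFAULTS:
        problems.append("is a common default password")
    if ssid and ssid.lower() in passphrase.lower():
        problems.append("contains the network name (SSID)")
    return problems


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """WPA2 key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


if __name__ == "__main__":
    samples = [("password", "familyrouter"),                    # default value
               ("familyrouter123", "familyrouter"),             # built from the SSID
               ("Tr4il-mix&Kettle-0range!", "walestrip2008")]   # constructed strong value
    for pw, ssid in samples:
        print(f"{ssid!r} / {pw!r}: {audit_passphrase(pw, ssid) or 'OK'}")
    # The same passphrase yields a different key on a differently named network.
    print(derive_psk("password", "familyrouter").hex()[:16],
          derive_psk("password", "walestrip2008").hex()[:16])
```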
What we’ve described above is how you change the Wi-Fi password – the password someone types to actually log onto your Wi-Fi and use the router.
For maximum security, however, it is also a good idea to change the actual router login credentials as well, away from the default password/admin values.
This is what you actually type into a browser bar to access the router itself to change other settings. If this is left as the default, a hacker can easily find this and get access to your router, and change all the settings from there to lock everyone out of the network.
So it’s best to change your router login as well. Here are the steps for this.
- Log in to your router as described above by typing in the current IP/admin/password. This is usually on a sticker on the back of the router.
- Once inside your router, you are looking for the option to change the router login details (not the Wi-Fi network password – this is different and covered just above).
- This might be under Settings/Access/Admin/Password or something similar. It will vary with each router.
- Change your router admin/password to something long, unique and complex to add an extra layer of security to your network.
- You must be sure to remember what you changed it to though, since if you forget this you’ll have to do a full factory reset of your router to reset everything back to default values and start again.
Tip #2 – Disable WPS on Your Router
It is also a good idea to disable Wi-Fi Protected Setup (WPS) features on your router to make it more secure. This is the feature that allows you to connect a device with your router in the house by simply pressing the WPS button and waiting for the devices to pair up.
It is a convenient option as it allows you to connect quickly to a router without passwords, but it leaves your router vulnerable to hacking as WPS keys are known to be relatively easy to crack. Turning off the feature makes your router more secure, and in truth the WPS feature only saves you maybe 20 seconds versus entering the password anyway, so it is not essential.
To turn off WPS, log in to your router using the 192.168.x.x format and go to the Admin Panel or similar, where it is usually possible to disable WPS settings.
Tip #3 – Use a VPN to Secure Your Connections
A Virtual Private Network is another excellent way of securing your private or public Wi-Fi network. It is essentially a piece of software that routes your internet traffic through a private virtual “tunnel” that makes it only accessible and visible to you. It is a very strong method of data encryption and is very hard to crack. See our article on the subject for more information.
The benefits of a VPN differ slightly between private and public networks. On a private home network they do not stop your router being hacked so much as hide your browsing activity from others. They will encrypt and secure all your information so that no one knows what you are sending or where. But they will not stop someone for example hacking into your router to steal bandwidth or spy on other people on the network.
A VPN will secure a device’s connection to the Wi-Fi network to protect from hackers and snooping.
That is why VPNs are best to use in conjunction with the other measures we propose in this article. They are more a tool for personal privacy than to protect routers from being hacked. They are great for people wanting to counteract Government snooping and surveillance and to encrypt and protect their own personal data from hackers.
But obviously only individuals who are using a VPN on a wireless network will get this protection; users on a wireless network who aren’t using a VPN will still be vulnerable. To mitigate this some VPNs can actually be installed on multiple devices and home routers to provide more generalized protection to an entire house. We will detail some VPNs that have this feature below.
On public Wi-Fi networks though the benefits of using a VPN are definitely more pronounced, as they ensure your personal data is encrypted and protected, which is often not the case on public Wi-Fi. So if you are going to enter personal information or passwords over a public Wi-Fi network, like a cafe or airport, we recommend only doing so if your connection is secured using a VPN.
There are lots of different VPNs you can choose from, both free and paid. Free options tend to be quite slow and often have bandwidth usage caps and other limitations. For a paid VPN, some good options are shown below (NB. Links in the table are affiliate links).
| Provider | Price (12 months paid in advance) | Number of servers/countries | Number of Devices Allowed | Main Benefits |
|---|---|---|---|---|
| Surfshark | $2.50/month (24 months) | 3200+/65 | Unlimited | Cheap and 30 day risk free trial |
| NordVPN | $6.99/month | 5300+/61 | 6 | Choice of Servers & Double Encryption |
| Tunnelbear | $5.00/month | 41+/41 | 5 | No Nonsense Simplicity |
*Tunnelbear do offer a free plan but it only comes with a 500MB monthly data allowance. For any kind of heavy browsing, video streaming or downloading you will probably need a paid plan.
*Flash deals and discounts are common with VPNs, so if you click the links to check the price, you may often find a cheaper price than the one listed.
Tip #4 – Use MAC Filtering to Restrict Network Access
This is another tactic that can be used to add more security to a Wi-Fi network, by only allowing access to the router to certain devices, identified by their MAC address.
A MAC address is a unique identifier that every device has; a combination of numbers and letters. By identifying the MAC address of friendly (and unfriendly) devices on a network, you can only allow access to certain devices with certain MAC addresses, and block anything else from using your Wi-Fi network.
Here are the general steps for MAC Filtering on a router:
- Log in to your router as detailed above using its IP address (commonly 192.168.0.1 or 192.168.1.1), admin and password.
- Once inside, find a list of connected devices by MAC address, under Devices/Wireless, and sort out which devices you want to allow onto or kick off the network. Some devices are named (e.g. Mike’s PS4), which makes it easier, and it often also tells you the device type (e.g. Android, PC, etc). You can usually tell which devices are which after a while.
- See this definitive guide to finding the MAC address for any device to sort out which device belongs to whom.
- Once you’ve sorted this out, you are looking for MAC Filtering settings, often under Wireless, Devices, Advanced, Security or similar.
- Select or enter in the MAC addresses of the device(s) you want to allow onto or remove from the network, and select the Allow (friendly devices) or Deny/Disable/Block option (hackers).
- Save settings and exit the router.
- The disabled devices are now blocked from accessing that Wi-Fi network.
- This method can be circumvented by advanced users, but is good as a basic step.
An example of a MAC filtering page on a router. Enter in the MAC addresses and select allow or block to control access.
Be aware, however, that an experienced hacker will be able to clone or “spoof” a MAC address and still gain access to a Wi-Fi network, so this option should not be used on its own, but in conjunction with some of the other tips mentioned in this guide.
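As an added example (not part of the original article), the Python sketch below compares a router's connected-device list with a MAC allowlist. It normalises the different ways addresses are written, reports devices that were never approved, addresses listed for more than one client, and approved addresses that are randomized "private" addresses. All addresses and device names are constructed sample data.

```python
import re
from collections import Counter


def normalize_mac(raw: str) -> str:
    """Return a MAC as aa:bb:cc:dd:ee:ff; accepts ':', '-' and '.' separated forms."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac: str) -> bool:
    """True if bit 0x02 of the first octet is set, as it is for the randomized
    'private' addresses that many phones and laptops now use per network."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def audit_clients(allowlist, clients):
    """Compare (name, mac) pairs from the router's device list with the allowlist."""
    allowed = {normalize_mac(m) for m in allowlist}
    seen = [(name, normalize_mac(mac)) for name, mac in clients]
    counts = Counter(mac for _, mac in seen)
    return {
        # Connected but never approved.
        "unknown": [(n, m) for n, m in seen if m not in allowed],
        # One address listed for several clients: worth checking for a clone.
        "duplicate": sorted(m for m, c in counts.items() if c > 1),
        # Approved addresses that are randomized and may change later,
        # which would lock the device out of a filtered network.
        "randomized": sorted(m for m in allowed if is_locally_administered(m)),
    }


# Constructed sample data, in three notations a router page or device might show.
ALLOWLIST = ["00:00:5E:00:53:01", "00-00-5e-00-53-02", "DA:A1:19:00:53:03"]
CLIENTS = [("Mike's PS4", "0000.5e00.5301"),
           ("laptop", "00:00:5e:00:53:02"),
           ("android-abc", "00:00:5E:00:53:02"),
           ("unknown-device", "62:f1:0c:00:53:99")]

if __name__ == "__main__":
    for section, items in audit_clients(ALLOWLIST, CLIENTS).items():
        print(section, items)
```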
For dealing with stubborn hackers and bandwidth hoggers on a Wi-Fi network, see our full article on the different ways to kick people off your Wi-Fi.
Tip #5 – Set Up a Guest Network
This is a more specialized solution that can be used in specific cases, but can still work. Most routers allow you to set up a Guest Wi-Fi Network that is separate from the main Wi-Fi network, with its own SSID (name) and password. Guests and lodgers can then connect to this network instead, rather than your main Wi-Fi network, to keep things more private. Great for people that rent out on Airbnb and other platforms a lot.
Here are the general steps for setting up a guest network (if available):
- Log in to your router as detailed above using its IP address (commonly 192.168.0.1 or 192.168.1.1), admin and password.
- Once inside, you are looking for some kind of Guest Network option. It might be buried under Advanced, Wireless or Network Settings or similar.
- Once you’ve found it, simply set the name/SSID and password for the guest network, and make a note of it to give your guests. You don’t even need to set a password if you aren’t bothered about it.
- Users connecting on your guest network won’t have access to your main Wi-Fi network, or to file sharing options. Their network should be entirely self contained.
- This option isn’t available on all routers.
Tip #6 – Make Sure Your Router & Devices Are Up to Date
A commonly mentioned one, but still as important now as ever. Routers and devices are being constantly updated and patched to fix security vulnerabilities, so it is important to make sure these updates are installed to keep on top of any security issues.
For example, router and device manufacturers quickly released security updates in response to the KRACK attack of 2017, where vulnerabilities were discovered in the WPA2 Wi-Fi protocol.
Most routers (and devices now) will actually auto-update these days anyway, but in any event, it is still a good idea to log into your router, find the Updates section and make sure your router is upgraded to the latest firmware.
With your devices, make sure your operating system, browser and apps are all updated to the latest version by checking their Settings menus or making sure Auto-updates are enabled.
Tip #7 – Hide the SSID of Your Router
This is another stealthy little trick that you can try to conceal your Wi-Fi network, so it can’t be so easily seen by others.
Normally when your device tries to connect to local Wi-Fi, it will scan the area and pull up a list of Wi-Fi networks in range. You can sometimes stop your router from showing up when people do these scans, so there is less chance of someone trying to hack it.
You can stop your Wi-Fi network showing up on a “found networks” list like this when other devices look.
Here are the steps for “hiding” your Wi-Fi network to make it harder to hack:
- Log in to your router as described above, using its IP address, admin and password. The IP is most commonly 192.168.0.1, 192.168.1.1 or 192.168.1.254.
- You are looking for Wireless, Wireless Settings, or possibly Security.
- There should be an option somewhere on SSID Broadcast or Visibility.
- Make sure this option is set to Off or Disabled, or the box allowing SSID Broadcast or Visibility is not checked. Or there may be an option to Enable Hidden Wireless.
This is basically telling your router to not send out a signal broadcasting its SSID (name) to nearby devices. Again though, as with MAC Filtering, it is not a fool-proof security measure, as an experienced hacker can still find a hidden SSID. It’s best to use this step in conjunction with others, like using a VPN and having strong, complex router and Wi-Fi passwords.
Tip #8 – Use WPA Wi-Fi Security Protocols (Not WEP)
This is another tip for older routers that may use the WEP wireless security protocol, which is not the safest. It is a good idea to switch to the newer and more secure WPA protocols.
Here are the steps to do this:
- Log in to your router. This usually means typing in a specific IP address into a browser address bar; it is often 192.168.0.1, 192.168.1.1 or 192.168.1.254 or may be something different. If you don’t know it, it will be on the back of your router somewhere along with the login password.
- Once inside the router, look for “Wireless Settings”, or “Wireless Security”, or something similar.
- If your current encryption mode is set to WEP, try changing it to WPA, WPA2-PSK (AES), or WPA3 protocols.
- These are more secure and harder to hack than the older WEP protocol.
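To confirm from a laptop that the changes in Tips #2, #7 and #8 actually took effect, you can look at what the router advertises after saving the settings. The Python sketch below is an added example, not part of the original article: it assumes a Linux machine where the output of `iw dev <interface> scan` has been saved as text, and the sample scan embedded in it is constructed.

```python
import re

# Constructed sample modelled on `iw dev wlan0 scan` output, heavily trimmed.
SAMPLE_SCAN = """\
BSS 00:00:5e:00:53:10(on wlan0)
    SSID: walestrip2008
    capability: ESS Privacy ShortSlotTime (0x0411)
    RSN:     * Version: 1
    WPS:     * Version: 1.0
BSS 00:00:5e:00:53:20(on wlan0)
    SSID: oldrouter
    capability: ESS Privacy (0x0011)
BSS 00:00:5e:00:53:30(on wlan0)
    SSID:
    capability: ESS Privacy (0x0011)
    RSN:     * Version: 1
             * Authentication suites: SAE
"""


def parse_scan(text):
    """Return one dict per access point: bssid, ssid, privacy bit, elements seen."""
    aps = []
    for block in re.split(r"(?m)^BSS (?=[0-9a-f:]{17})", text)[1:]:
        lines = [l.strip() for l in block.splitlines()]
        ssid = next((l[5:].strip() for l in lines if l.startswith("SSID:")), "")
        cap = next((l for l in lines if l.startswith("capability:")), "")
        ies = {l[:3] for l in lines if l[:4] in ("RSN:", "WPA:", "WPS:")}
        if any(l.startswith("* Authentication suites:") and "SAE" in l.split() for l in lines):
            ies.add("SAE")  # SAE is the WPA3-Personal handshake
        aps.append({"bssid": block[:17], "ssid": ssid,
                    "privacy": "Privacy" in cap.split(), "ies": ies})
    return aps


def audit(ap):
    """Return (protocol, findings) for one parsed access point."""
    if not ap["privacy"]:
        proto = "open"
    elif "RSN" in ap["ies"]:
        proto = "WPA3" if "SAE" in ap["ies"] else "WPA2"
    else:  # privacy bit set with no RSN or WPA element means WEP
        proto = "WPA" if "WPA" in ap["ies"] else "WEP"
    findings = [f"{proto}: switch to WPA2 or WPA3"] if proto in ("open", "WEP") else []
    if "WPS" in ap["ies"]:
        findings.append("WPS is still advertised")
    if not ap["ssid"].replace("\\x00", ""):
        findings.append("SSID is hidden")
    return proto, findings


if __name__ == "__main__":
    for ap in parse_scan(SAMPLE_SCAN):
        print(ap["bssid"], ap["ssid"] or "<hidden>", *audit(ap))
```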
Tip #9 – Keep Your Router Secure if Necessary
On a more general level it may be best to keep your router in a safe hidden location in your house if possible, like secured down in a closet or cupboard. This is perhaps more relevant for businesses than individuals but it is always an option to make sure your router is in a safe secure location if in your situation lots of strangers could have physical access to it.
Also if you change your login and Wi-Fi passwords as mentioned above, you ensure that even if someone does get unauthorized access to your router, the default admin/passwords on the sticker won’t work, as you’ve now set custom ones they won’t be able to guess.
Tip #10 – Use Wired Connections Instead
This is another lesser mentioned tip, but does actually work, since wired connections are much more secure than Wi-Fi in general – interception of an ethernet connection is almost impossible compared to Wi-Fi, which is much more vulnerable unless users take steps to secure it.
Therefore it can be a good idea to switch to wired connections for any devices you can and bypass using Wi-Fi altogether. This could be useful if you have a persistent hacker neighbor constantly breaking into your Wi-Fi, and just switching to ethernet and turning off the Wi-Fi on your router altogether can be a good alternative to improve the security of your home network.
Powerline adapters can be a good way of installing multiple access points around the home. Obviously not all devices can use ethernet these days – some have to use Wi-Fi – but it’s worth considering for some devices if security is an issue.
Summary – Combine a Few Methods
There are lots of different ways to make your Wi-Fi network more secure, but the best strategy is probably to combine a couple of the main methods, and also use some of the other more specialized tips when needed.
Here are 3 good steps to implement all together to really boost Wi-Fi security:
- Use strong passwords for your router and Wi-Fi network
- Use a VPN to secure each device’s own wireless connection.
- Turn off WPS Settings.
Just these 3 things right away can make a Wi-Fi network much harder to hack into. You can then add some other steps we’ve covered for even greater security. Hiding the SSID and using MAC Filtering are two other good methods that can supplement the first 3.
Also making sure you’re not on the WEP security protocol is important to check if you are using slightly older devices and routers. Just covering these simple bases should make the vast majority of home Wi-Fi networks plenty safe enough for most users.
Staying safe on public Wi-Fi is of course a different challenge, because you don’t have so much control over the settings of these networks. See our full article on public Wi-Fi security for more specialized tips for staying safe on these networks.