1. Change Default Router Credentials
The first thing any attacker tries is default login credentials. Log into your router's admin panel and change both the admin username and password immediately. Use a strong, unique password with at least 12 characters.
2. Enable WPA3 Encryption
Make sure your WiFi network uses WPA3 encryption (or WPA2/WPA3 mixed mode if some devices don't support WPA3). Never use WEP or open networks. WPA3 provides significantly stronger protection against brute-force attacks.
3. Create a Separate IoT Network
Smart home devices like Ring doorbells, Nest thermostats, and smart speakers are common attack vectors. Set up a separate guest network for all IoT devices. This way, if a smart device is compromised, the attacker can't access your computers and phones on the main network.
4. Keep Firmware Updated
Router manufacturers regularly release firmware updates that patch security vulnerabilities. Enable automatic updates if available, or check monthly for updates manually.
5. Disable WPS and Remote Management
WiFi Protected Setup (WPS) has known vulnerabilities. Disable it. Also disable remote management unless you specifically need to access your router from outside your home.
6. Use a DNS-Based Content Filter
Services like NextDNS, OpenDNS, or Cloudflare Family (1.1.1.3) can block malicious domains, phishing sites, and known malware servers at the DNS level. Configure this on your router to protect all devices on your network.
7. Monitor Connected Devices
Regularly check your router's admin panel for unknown connected devices. If you see a device you don't recognize, it could be an unauthorized user on your network. Most modern routers provide a device list with MAC addresses.
8. Enable Your Router's Firewall
Most routers include a built-in firewall — make sure it's enabled. For additional protection, consider setting up a Pi-hole or similar network-level ad/tracker blocker that also functions as a DNS sinkhole.