Computer Station Nation is reader-supported.
When you buy through links on our site, we may earn an affiliate commission. Learn more.
Your router is the gateway to everything on your home network. And most people never change the default settings after setup. That’s a problem. Here’s how to actually lock down your home router without needing a networking degree.
1. Change the Default Admin Password
This is the most important step and the one most skipped. Your router ships with a default admin username and password (often “admin” / “admin” or “admin” / “password”). These are publicly documented for every router model. Anyone on your network — or anyone who gets to your router’s admin interface — can log in instantly.
Change the admin password immediately after setup. Use something long and unique — not your Wi-Fi password. Store it in a password manager.
2. Use WPA3 (Or WPA2 at Minimum)
In your router’s wireless security settings, confirm you’re using WPA3 if available, or WPA2-AES if not. WEP is completely broken — if your router only offers WEP, it’s time to replace it. WPA3 is more resistant to offline brute-force attacks. If your devices don’t all support WPA3, use WPA2/WPA3 mixed mode.
3. Set a Strong Wi-Fi Password
A weak Wi-Fi password is a weak front door. Use 16+ characters mixing letters, numbers, and symbols. Avoid dictionary words, your address, and anything based on the router brand name. A random 20-character password is essentially uncrackable on WPA2/WPA3.
4. Enable a Guest Network
When visitors ask for your Wi-Fi, don’t give them access to your main network. Create a guest network (available on virtually all modern routers) with a different password. Guest networks are isolated from your main devices — your guest’s phone can’t see your NAS drive, smart home hub, or gaming PC. Set and forget.
5. Keep Firmware Updated
Router manufacturers release firmware updates that patch security vulnerabilities. Most modern routers can auto-update firmware — enable this in your settings. If auto-update isn’t available, check for updates quarterly. A router running 2-year-old firmware has known, unpatched vulnerabilities.
6. Disable WPS
WPS (Wi-Fi Protected Setup) is the button on your router that lets devices connect without entering the password. Convenient, but it has known security vulnerabilities — WPS PIN brute-force attacks are well-documented. Disable WPS in your router settings unless you actively need it.
7. Disable Remote Management
Remote management lets you access your router’s admin panel from outside your home network. Unless you specifically need this, turn it off. It’s an unnecessary attack surface. Find it in your router’s Advanced or Administration settings.
8. Check Connected Devices Periodically
Log into your router app and look at the connected device list. Do you recognize everything on it? Unknown devices could be a neighbor piggybacking your Wi-Fi or something more concerning. Most routers let you block unknown devices directly from the app.
Quick Security Checklist
- ☐ Admin password changed from default
- ☐ Wi-Fi password is 16+ characters, WPA3 or WPA2
- ☐ Guest network enabled for visitors
- ☐ Firmware auto-update enabled (or manual update done recently)
- ☐ WPS disabled
- ☐ Remote management disabled
- ☐ Connected device list reviewed
Takes 20 minutes to do all of this once. Your network will be meaningfully more secure than the average home setup.
