How to Secure Your Home Router
Your home router is the gateway between every device you own and the internet. A poorly secured router can expose your entire network to attackers, enable traffic interception, and allow unauthorized devices to piggyback on your connection.
Critical Security Settings to Change
| Setting | Default (Insecure) | Recommended |
|---|---|---|
| Admin password | admin / password | Long, unique random password |
| Wi-Fi password | Printed on router label | 20+ character passphrase |
| Wi-Fi encryption | WEP or WPA (TKIP) | WPA3 or WPA2-AES |
| Remote management | Often enabled | Disabled |
| UPnP | Enabled | Disabled unless required |
| WPS | Enabled | Disabled (vulnerable to brute-force) |
| Default SSID | "NETGEAR_xxx" or similar | Custom name without brand/model info |
| Firmware | Factory version | Latest available version |
Network Segmentation Best Practices
- Create a separate guest network for visitors and IoT devices - Keep them isolated from your main computers.
- Assign static IPs or DHCP reservations to known devices so you can spot unknown ones easily.
- Review the connected device list in your router admin panel monthly.
- Disable SSID broadcast only as a secondary measure - It provides minimal security on its own.
- Enable your router's built-in firewall and set it to block unsolicited inbound connections.
Firmware and Lifecycle
Most consumer routers only receive firmware updates for 3–5 years. If your router is older than that, the manufacturer may no longer patch security vulnerabilities. Check the support page for your model and consider replacing outdated hardware with a model that supports OpenWRT or a vendor with a strong update track record.