Guide to Creating a Secure Home Wireless Network

It’s critical to have a secure home wireless network. If you don’t, hackers or neighbors could land you in a world of trouble. For example, a neighbor might “borrow” your network and commit a crime that the authorities trace to you. Similarly, hackers could infiltrate your network and conduct identity theft, malware and data breach campaigns. Fortunately, it’s easy to set up a secure network. The main thing is to log into your router settings, set Wi-Fi Protected Access 2 (WPA2) encryption and change passwords from their defaults. You don’t have to be a tech whiz. Anyone can create a secure home wireless network.

View from the Experts: Creating a Secure Home Wireless Network

“Make sure you change that default password on your router. Many people have not.”

– Beth McCarty, Owner of TeamLogic IT/Central Pinellas in Clearwater, Florida

https://www.realtor.com/advice/home-improvement/working-from-home-cybercrime-and-hackers/

“If you set up your Wi-Fi network several years ago and haven’t changed any settings since then, you might be using the outdated Wireless Equivalent Privacy (WEP) encryption, which is easily infiltrated by even the most novice hacker. Wi-Fi Protected Access 2 (WPA2) is the current standard and is much more hacker-resistant.”

– Andy O’Donnell, Security Engineer and Analyst

https://www.lifewire.com/securing-your-wireless-network-2487649

“You can disable UPnP [Universal Plug and Play] on your router if you want peace of mind. However, most of the time, if an attacker wants to get inside your network and cause havoc, they don’t need UPnP to do it. In fact, cyber-attacks are so commonplace now, it’s not a matter of if it will happen to you, it’s a matter of when.”

– Philip Robinson Head of Marketing at Lepide

https://www.lepide.com/blog/what-is-upnp-and-is-it-safe/

“Your router is perhaps the most important gadget in your home. It checks all incoming and outgoing traffic, acting as a sentry to make sure that nothing dangerous comes in and nothing sensitive goes out. It controls access to your home Wi-Fi network and through that all of your phones, tablets, laptops, and more.”

– David Nield, Science and Technology Writer

https://www.wired.com/story/secure-your-wi-fi-router/

Consider Buying Your Router Instead of Leasing It

Just about all internet service providers give customers the option to lease routers and modems. These ISPs charge a fee such as $10 a month. You can make leased routers secure enough, but they are unlikely to be top of the line.

If you buy your router, you have lots of options for speed, reliability and quality. So, it’s generally better to purchase your router. It also costs less in the big picture. Of course, if you’re someone who has no interest in shopping for routers and setting them up, you should be fine going with a rental.

Access the Router’s Admin Panel

For many of the steps that follow, you must log into your router as an administrator. The process involves typing http:// and your router’s numbered address into your URL bar. In some cases, you may also be able to access the router through a smartphone app.

How do you find the address, though? In many situations, especially if you lease the router, the numbered address is on the back of the device (along with the router admin username and password, and the WiFi password).

If the address is not there, type, “cmd” into your computer’s search bar (no quotation marks). Next, type, “ipconfig” (again, no quotation marks). Look over the screen for the phrase, “Default Gateway” under a Wi-Fi or Ethernet heading. Next to “Default Gateway” is the router address.¹ It’s likely to start with a number such as 192.

On an Apple computer, you can hold down the option key along with the Wi-Fi icon. That brings up some data, including your router address. Alternatively, go to System Preferences, Network, Router, Wi-Fi, Advanced and then TCP/IP. The address is next to “Router.” ²

If you’d rather not do the above approaches or they don’t work, try typing the addresses below into your internet bar. One is likely to succeed.³

Cisco routers

192.168.10.2M
192.168.1.254
192.168.1.1

Linksys routers

192.168.1.1

D-Link and Netgear routers

192.168.0.1

Some Belkin and SMC routers

192.168.2.1

U.S. Robotics routers

192.168.123.254

When you type the router address and press “Enter,” a message may pop up saying that the connection is not private. There may be alarming language about someone trying to steal data or attempting to fool you.

Don’t worry about the message. You’re fine. As Netgear support explains, “This is a Certificate error. This refers to how public websites trust each other. This is not important as your device is usually on a local network, behind a firewall.” ⁴

Choose to accept the risk and proceed. You may have to click “Advanced” or a similar button to move on.

Now you need your username and password. For the most part, the default combination of “admin, admin” or “admin, password” should get you in. If they don’t work, check the back of your router, find the paperwork that came with the router or search online.

As you may have noticed, these defaults are quite generic. They’re a big reason that many home networks are not secure enough.

Using Two Bands

Once you’re in the administrator panel, you may notice that the network has two bands, 2.4GHz and 5GHz. However way you use each band, you must secure both. Many of the steps in this guide such as MAC address filtering you must do individually for each band. It’s fine to use the same password for both (but you don’t have to!).

The 2.4GHz band offers better range but can be slower. The 5GHz band offers better, speedier performance. Larger homes need more range and may benefit more from 2.4GHz bands than apartments and smaller homes do. However, 2.4GHz bands can become even slower if lots of devices such as baby monitors, garage door openers and Bluetooth devices are on it.⁵

Devices Better Suited to 2.4GHz

Smart thermostats
Smart speakers
Home security cameras
Tablets (if they’re far from the router)

Devices Better Suited to 5GHz

Smart TVs (if you stream lots of video)
Game consoles (if you play online often)
PCs
Laptops
Smartphones

Avoid tossing every device on 5GHz. Too many devices are likely to slow everything down.

Set Up WPA2 Encryption

Log into your router’s administrator console to see your encryption options and whether encryption is even turned on. Fortunately, many newer routers come with Wi-Fi Protected Access 2 (WPA2) encryption turned on.

Older routers may offer only Wired Equivalent Privacy (WEP) encryption. Don’t go down this road—time for a new router! Upgrade so you can get Wi-Fi Protected Access 2 (WPA2). WPA3 will eventually become common, but that day is still a bit off. In the meantime, WPA2 gives you the most protection against hackers compared with the partial protection offered by WEP and even WAP (without the 2).

If your router gives you more options after you choose WPA2, they’re usually AES (Advanced Encryption Standard) or TKIP (Temporal Key Integrity Protocol). Go with AES. TKIP is older and less secure.

You may have a choice between WPA2 personal and enterprise networks. Enterprise is business-oriented and gives each Wi-Fi user their own ID and password. It makes life easier for corporate network administrators in many ways but is unnecessary for home networks. Stick with WPA2 personal.

Change the Name of Your Network

Change the name of your network/SSID (Service Set Identifier) so that hackers cannot see the type of router you have. The more they know about your router, the better their chances of cracking its WPA2 encryption (network names factor into the encryption algorithm). As Apple support says, “Some common default SSID names to avoid are linksys, netgear, dlink, wireless, 2wire, and default.”

Don’t use a name such as, “BetYouCan’tHackMe” or “DanielsMom.” The first name practically begs hackers to break into your network, while the second name gives away information that hackers could use for identity theft.⁶

There’s no need to hide your SSID. This type of cloaking is really easy for hackers to bypass and may pique their interest.

Create a Strong, Unique Network Password—and Never Give It Out

Unfortunately, many default Wi-Fi passwords are easy to guess. Others might seem OK because they involve numbers and words that aren’t related to each other. They come from a random generator.

However, these passwords probably lack a mix of uppercase and lowercase letters and special characters. They are far from ideal because hacker programs can crack them quickly. Come up with a stronger password that is a minimum of eight characters, although longer is better. Use a mix of uppercase and lowercase letters, numbers and special characters.

One trick is to think of a sentence such as, “My favorite baseball player is Chipper Jones, #10 Braves infielder!” The password would look like this: MfbpiCJ#10Bi! Better yet, use a password generator to come up with a truly random password — though tougher to remember, it’ll also be tougher to hack!It’s fine to use a password manager if you need to. Whatever you do, never give out the password. If you end up doing so, change the password as soon as possible.

Your children probably don’t need to know the password. You can enter it into their gadgets and devices instead of telling them. Kids can be a big security risk. Many don’t fully understand security dangers. They may tell their friends the password, and it gets out to more people than you could have imagined.

What should you do about guests? It may seem rude to refuse to let them use your Wi-Fi. MAC address filtering is one solution. Another is to type in the password on their device. A third approach is to use a guest network.

Set Up a Guest Network Instead of Giving Visitors Your Wi-Fi Password

Many routers, especially those targeted toward small businesses, allow guest networks. That way, guests can easily access your network without the main password (or a password at all). No worries about damaging a friendship! You can also control what guests have access to. For instance, you might let them use just the internet and nothing else.

A guest network comes in particularly useful if you have visitors often, see clients/customers at your home or run a business such as a bed and breakfast. In these cases, don’t count on a leased router for guest network capabilities. Shop around for a router or ask your ISP for specifics before you lease a router.

A guest network operates via a different IP address than the main network. To set up a guest network, go to your main admin login. Enable the option for guest Wi-Fi. Create a network name/SSID similar to the main one, for example, the same name but with the suffix of, “_guest.”

Choose a password so that anyone can’t just waltz onto the network. The password doesn’t necessarily have to be super strong like your main password—although it should be if your router allows guests to use the network in many or all of the ways you use the main network.

If the router gives options, it’s best to block access to everything except the internet. It’s unlikely your guests will need file sharing. If possible, set a limit for the number of guests using the network at the same time.

Change Your Administrator Credentials

Now it’s time to change your default admin login credentials. As mentioned earlier, routers often come with terribly weak usernames and passwords such as “Admin, admin” or “Admin, password.” Websites such as routerpasswords.com even give out common router passwords.

Create a strong, unique password that is at least 16 characters long. Deploy a mix of uppercase letters, lowercase letters, numbers and symbols. It’s fine to use a password manager if you need to. Better that than going with a weak password! If you do forget your password, a master reset restores the router to factory settings. (Your Wi-Fi network password should be different from your router login password.)

Decide Whether to Use MAC Address Filtering

Each device that communicates with your network gets a unique Media Access Control (MAC) address. Some security experts say to set up your router so that only the devices you authorize get access. Others recommend disabling MAC address filtering. For instance, Apple support explains, “Set to: Disabled. … MAC addresses can be changed easily, so don’t rely on them to prevent unauthorized access to the network.”

However, the Federal Communications Commission says to enable MAC filtering with the awareness that, “Some hackers have mimicked MAC addresses, so don’t rely on this step alone.”

Bottom line: MAC address filtering is far from a 100% safety measure. For instance, skilled hackers can fake or copy MAC addresses to access your network. However, this type of filtering can protect your network against the average hacker.

Setting up MAC address filtering involves a bit of work but isn’t too bad. Look for something such as, “MAC Filtering” in your admin console, or click on each band (2.4GHz and 5GHz) to see its MAC filtering option.

If you use iPhones or iPads, the MAC address is listed as the Wi-Fi address in Settings > General > About. For instructions on finding MAC addresses for the wide range of devices you own, do a Google search on each specific device + MAC address. The “Additional Resources” section near the end of this guide also gives a couple of links.

Disable Remote Management Options

Turn off your router’s remote administrative features. Otherwise, a hacker from afar could break into the router.

Log Out

Log out of your administrator session every time. If you do not, a hacker could piggyback onto the session.

Update Your Router Regularly

Updating your router ensures more protection against bugs and loopholes. Fortunately, many routers update themselves in the background without any work from you. To find out if this is the case with yours, check the router’s control panel, its support website or the owner’s manual. For instance, the RAC2V1S router manual says, “The RAC2V1S automatically searches and installs upgrades which may add features or fix issues in the router.”

For some routers, you must go to the manufacturer’s site to download firmware updates and then apply them via your router settings. This way is more hassle but worth the effort.

Secure Your Computer and Other Devices Connecting to the Router

Your computer, smartphone, tablet, smart TV and other devices must be secure, too. Hackers need just one weak link to exploit your network.

Enable automatic updates for your devices and software programs.
Add higher-quality anti-malware or anti-virus software to the devices that connect most often.
Use strong passwords for devices and apps.

Do not store router login information, Wi-Fi passwords and other types of sensitive information on your devices. If you must, password protect the data or make it virtually impossible to find.

Follow a Few More General Practices

The steps above represent a tremendous chunk of what makes a secure home wireless network. A few additional things strengthen your network even more.

Double-Check the Firewall

Most routers come with network firewalls enabled. These firewalls block potentially unsafe data from entering your network, so double-check that yours is enabled.

Disconnect the Router When You Are Not Using It

Heading out to work? Going on vacation? About to sleep? Disconnect your router.

Hackers cannot break into a network that does not exist.

One way to disconnect is to unplug the router. Remember to plug it back in a few minutes before you need to use the network.

Some routers have timer functionality. Alternatively, if you have a smartphone app to control your router, you can use the app to turn the network on and off.⁷ Don’t have an app? Try using your phone’s internet browser to log into your admin console the same way you would from a computer.

Position Your Router in the Middle of Your Home

If logistics allow, place the router in the middle of your home. This placement distributes network access more evenly and could put the network out of hackers’ reach. For example, hackers might not be able to park curbside and connect to your network. Also, try to keep routers placed away from windows and exterior doors.

Conceal the Information on the Back of Your Router

The back of your router might list default information such as your network name and password, and your router IP address, username and password. You should have changed some or all of this information. In most cases, it’s prudent to put tape over the back or conceal the information somehow.

Turn off WPS and Perhaps UPnP

Two more things to think about: In your router settings, turn off WPS (Wi-Fi Protected Setup) if it isn’t disabled by default. With WPS on, visitors such as neighbors or service personnel can connect their devices to your network. They simply push your router’s WPS button along with the WPS button on their device.

If you’re extra security conscious and are OK with a decent amount of inconvenience, also turn off UPnP (Universal Plug and Play). One example of UPnP is when you buy a new device such as a printer and try to connect it to the network. The printer should connect automatically because the default for UPnP is to be turned on.

Leaving UPnP on does mean a potential hole for hackers if a device connected to your network gets hit with malware. However, hackers have other (easier) ways to try to get into your network.⁸

Back to the printer. If UPnP was disabled, you’d have to connect the printer to your computer and install it. Then you’d need to configure the printer to make it accessible to the network. You’d also need to go to the other devices on the network to connect them to the printer. All that can take a lot of time, but the peace of mind is worth it to some people.

Consider Changing Your Router’s IP Address

Default router IP addresses are easy for hackers to find. Heck, they’re online for anyone to look at! For an extra measure of protection, change your router’s address.

Log into your router admin console and search for something such as network settings or LAN/DHCP. Change your IP address and save. Note the new address.⁹

It should suffice to substitute just a couple of numbers. In the future, you use the new address to access your router settings. If something goes wrong, restore your router to its factory settings.

Create a Secure Home Wireless Network

Setting up a secure home wireless network is fairly easy. As long as you know your router’s default IP address and login credentials, most everything falls into place. The key is to replace weak default passwords and network names as soon as possible. From there, update your router regularly. Ensure that your computer and other devices connected to the network are as secure as possible.

Additional Resources

Router Security: Detailed Security Checklist
A List of Common Default Router Addresses: Addresses for Apple, Asus, Cisco Routers and Others
Securing Your Wireless Network: Tips from the Federal Trade Commission
Finding the MAC Address on Your Device: Smart TVS and Game Consoles
Find Your Device’s MAC Address: Windows and Mac OS

References and Footnotes

1. Whitney, L. (2020, March 17). How to Access Your Wi-Fi Router’s Settings. Retrieved March 29, 2020, from https://www.pcmag.com/how-to/how-to-access-your-wi-fi-routers-settings
2. Padhiyar, J. (2019, April 13). How to Find Router IP Address on Mac: Two Methods Explained. Retrieved March 29, 2020, from https://www.igeeksblog.com/how-to-find-router-ip-address-on-mac/
3. Mitchell, B. (2019, November 11). Did You Know Broadband Routers Have Two IP Addresses? Retrieved March 29, 2020, from https://www.lifewire.com/what-is-the-ip-address-of-a-broadband-router-818379
4. Your connection is not private in Google Chrome browser. (n.d.). Retrieved March 29, 2020, from https://kb.netgear.com/7055/Your-connection-is-not-private-in-Google-Chrome-browser
5. 2.4GHz vs. 5GHz WiFi: What’s the difference and how do I use them? (2019, March 22). Retrieved March 29, 2020, from https://www.screenbeam.com/wifihelp/wifi-networking/2-4ghz-vs-5ghz-wifi/
6. Mitchell, B. (2020, January 6). The Best Router and Home Network Names. Retrieved March 29, 2020, from https://www.lifewire.com/best-router-and-home-network-names-3971335
7. When to turn off Wi-Fi Access. (n.d.). Retrieved March 29, 2020, from https://www.verizon.com/support/residential/internet/home-network/settings/turn-off-wifi-access
8. Robinson, P. (2020, January 29). What is UPnP and is it Safe? Retrieved March 29, 2020, from https://www.lepide.com/blog/what-is-upnp-and-is-it-safe/
9. How to Configure Router and Switch: Ultimate Guide. (2020, February 4). Retrieved March 29, 2020, from https://www.dnsstuff.com/router-switch-configuration

Table of Contents