
Is Your Wi-Fi Router a Security Disaster?

How to check if your router is vulnerable and the settings you should change today.

Andri

Your router is the front door to your entire home network. Every device you own connects through it — laptops, phones, smart TVs, security cameras, that smart fridge you regret buying.

And yet most people never log into their router after the initial setup. They're running default passwords, outdated firmware, and settings that made sense in 2015.

Let's fix that.

Why Your Router Matters

If someone compromises your router, they can:

  • See all your unencrypted traffic
  • Redirect you to fake versions of websites
  • Attack devices on your network
  • Use your connection for illegal activity
  • Pivot to other devices and compromise them

Your router isn't just a box that provides Wi-Fi. It's a computer running software that can have security vulnerabilities just like any other device.

Step 1: Log Into Your Router

First, you need to access your router's admin interface. Open a browser and try:

  • 192.168.1.1
  • 192.168.0.1
  • 10.0.0.1

If none of those work, check the sticker on your router or search for your router model + "admin address."

You'll need the admin username and password. If you never changed it, try:

  • admin / admin
  • admin / password
  • admin / (blank)
  • Or check the sticker on the router

If one of these gets you in because you've never changed the credentials, congrats: you've discovered your first security problem.

Step 2: Change the Admin Password

If your router still has the default admin credentials, change them immediately. This is the password to access the router's settings, not your Wi-Fi password.

Pick something strong — at least 16 characters, random if possible. Store it in your password manager.

Anyone who knows this password can reconfigure your entire network. Default credentials are listed online for every router model. Bots actively scan for routers they can access.

Step 3: Update the Firmware

Router manufacturers release firmware updates to fix security vulnerabilities. Most routers don't auto-update, so they sit there with known exploitable bugs.

Look for a setting like:

  • Firmware Update
  • Software Update
  • Administration → Firmware

Check for updates and install them. Some newer routers have auto-update options — turn that on if available.

If your router hasn't received a firmware update in over 2 years, it's probably end-of-life and you should consider replacing it.

Step 4: Check Your Wi-Fi Security Settings

Find your wireless security settings and make sure you're using:

WPA3 — The newest and most secure. Use this if your router and devices support it.

WPA2 (AES) — Still fine for most people. Avoid "WPA2-TKIP" or "WPA2-Mixed" which are weaker.

Never use: WEP (ancient, trivially broken), WPA (old), or "Open" (no password).

Your Wi-Fi password should be long and random. 16+ characters. The days of simple passwords you can remember are over — save it in your password manager and use that to share it with guests.

Step 5: Disable WPS

Wi-Fi Protected Setup (WPS) lets you connect devices by pushing a button or entering a PIN. Convenient? Yes. Secure? No.

The PIN-based method has a design flaw that makes it trivially brute-forceable. Even the button method expands your attack surface unnecessarily.

Find WPS in your wireless settings and turn it off. You'll survive without it.

Step 6: Disable Remote Management

Remote management lets you access your router's admin interface from outside your home network. Unless you have a specific reason to need this, turn it off.

Look for settings like:

  • Remote Management
  • Remote Administration
  • Web Access from WAN

Disable them. If you need to change router settings, do it from inside your home network.

Step 7: Check for Unknown Devices

Most routers show you a list of connected devices. Look for:

  • Attached Devices
  • Connected Devices
  • Client List
  • DHCP Client List

Go through the list. Do you recognize everything? If you see devices you don't recognize, it could mean:

  • A neighbor is using your Wi-Fi
  • A device you forgot about
  • Something malicious

If you're not sure, change your Wi-Fi password. Everything will disconnect and you can reconnect your legitimate devices.
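The comparison in Step 7 can be scripted once you keep an inventory of your own devices. The following is an added example, not part of the original article. It assumes the lease list is in dnsmasq format (the file OpenWrt writes to `/tmp/dhcp.leases`); the sample leases and the `KNOWN_DEVICES` inventory are constructed for illustration.

```python
import re

# Constructed sample in dnsmasq lease format:
# expiry-epoch MAC IP hostname client-id ("*" means the client sent none).
SAMPLE_LEASES = """\
1767225600 3c:22:fb:10:20:30 192.168.1.10 work-laptop 01:3c:22:fb:10:20:30
1767225600 B8:27:EB:AA:BB:CC 192.168.1.20 raspberrypi *
1767225600 da:a1:19:4f:00:11 192.168.1.31 * 01:da:a1:19:4f:00:11
1767225600 00:1a:2b:3c:4d:5e 192.168.1.44 * *
this line is malformed
"""

# Hypothetical inventory: MACs you have verified, mapped to your own labels.
KNOWN_DEVICES = {
    "3c:22:fb:10:20:30": "Work laptop",
    "b8:27:eb:aa:bb:cc": "Raspberry Pi",
}
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")

def parse_leases(text):
    """Yield (mac, ip, hostname) per valid lease line; skip malformed lines."""
    for line in text.splitlines():
        parts = line.lower().split()
        if len(parts) >= 4 and MAC_RE.fullmatch(parts[1]):
            yield parts[1], parts[2], parts[3]

def is_randomized(mac):
    """True if the locally-administered bit (0x02 of the first octet) is set.
    Private per-network addresses set it, so a MAC inventory never lists them."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(text, known):
    """Return (ip, mac, hostname, reason) for each device not in the inventory."""
    findings = []
    for mac, ip, hostname in parse_leases(text):
        if mac in known:
            continue
        reason = ("randomized MAC (private address)"
                  if is_randomized(mac) else "unknown hardware MAC")
        findings.append((ip, mac, hostname, reason))
    return findings

if __name__ == "__main__":
    for ip, mac, hostname, reason in audit(SAMPLE_LEASES, KNOWN_DEVICES):
        print(f"{ip:15} {mac}  {hostname:12} {reason}")
```

A randomized MAC is usually one of your own phones or laptops using a private address, while an unknown hardware MAC with no hostname is the entry to investigate first.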

Step 8: Consider Separate Networks

Many modern routers let you create multiple networks. This is useful for:

Guest network: Give visitors internet access without access to your main network and devices. Enable "client isolation" if available so guests can't see each other's devices either.

IoT network: Put your smart home devices (cameras, thermostats, smart speakers) on a separate network from your computers and phones. Many IoT devices have terrible security. Isolating them limits the damage if one gets compromised.

Advanced Settings (Optional)

These are worth doing if you're comfortable with more technical settings:

Change DNS servers. Your router probably uses your ISP's DNS by default. Consider using:

  • Cloudflare: 1.1.1.1 and 1.0.0.1
  • Quad9: 9.9.9.9 (blocks known malicious domains)
  • Google: 8.8.8.8 and 8.8.4.4

Disable UPnP. Universal Plug and Play lets devices automatically open ports. Convenient but risky — malware can use it too. Disable it unless something breaks.

Enable the firewall. Most routers have a built-in firewall that should be on by default, but check. Also make sure "Respond to Ping from WAN" or similar is disabled.

Consider custom firmware. If you're technical, routers supported by OpenWrt or DD-WRT get better security updates and more control. But this is enthusiast territory: don't do it unless you're comfortable potentially bricking your router.

Is Your Router Too Old?

If your router is more than 5-6 years old, or if it hasn't received firmware updates in 2+ years, consider replacing it.

Older routers often:

  • Don't support WPA3
  • Have unpatched security vulnerabilities
  • Lack modern features like network segmentation
  • Have slower performance

A decent modern router costs €80-150 and will last you another 5+ years. It's not a bad investment.

ISP-Provided Routers

Many ISPs give you a combined modem/router. These are often:

  • Running outdated firmware
  • Configured for ease of support, not security
  • Potentially accessible by your ISP

If you rent equipment from your ISP, you usually can't change much. Consider buying your own router and putting it behind the ISP modem (or replacing their equipment entirely if your connection type allows).

At minimum, log in and change the default passwords on ISP equipment.

Quick Checklist

Run through this in 20 minutes:

  • [ ] Can you log into your router?
  • [ ] Changed default admin password?
  • [ ] Firmware up to date?
  • [ ] Using WPA2 or WPA3?
  • [ ] Strong Wi-Fi password?
  • [ ] WPS disabled?
  • [ ] Remote management disabled?
  • [ ] Recognize all connected devices?
  • [ ] Guest network set up for visitors?

The Bottom Line

Your router is probably fine, but "probably fine" isn't good enough for the one device that controls all your network traffic.

Twenty minutes of checking settings now prevents a lot of potential problems later. And if you're still running a router from 2018 with firmware from 2019 — maybe it's time for an upgrade.

At minimum: change the default passwords, update the firmware, and make sure you're not using WEP. Your future self will thank you.
