How to Configure Your Router for Maximum Security and Privacy

Privacy and security icon on a table, with router and a wrench on it.
Click here to read a summary of this article!
Summary: How to Configure Your Router for the Best Security and Privacy

A router is your gateway to the internet. It’s a small computer that directs and controls network traffic across your devices. Like any computer, however, it’s susceptible to being hacked. A hacker can gain access to your entire network of devices if they hack your router.

This is why it’s important to keep your router secure. Some of the most important measures you can take to keep your router safe are:

  1. Change the default login and password
  2. Use a different SSID that contains no personal information or details about your router
  3. Keep your router’s firmware updated
  4. Set up a guest network to share with family and friends
  5. Disable remote access to your router’s admin panel
  6. Disable UPnP and WPS

In addition to the above, you should also keep an antivirus scanner installed on your device and a VPN on your router.

Read the rest of the article for a more thorough breakdown of the measures mentioned above!

WiFi routers are our gateway to the internet. Whenever you go to a restaurant or a friend’s place, the first thing most people do is to ask for the WiFi password. Being connected to the internet wirelessly makes life incredibly convenient. You can access the web on mobile devices, tablets and even use IoT gadgets.

If you have a private WiFi network in your house, it’s important for you to take appropriate steps to protect your privacy. WiFi routers are susceptible to various security risks. Indeed, recent reports have shown that routers from leading companies, such as D-Link and Netgear, have software vulnerabilities that hackers can exploit.

Hackers often use a technique known as DNS hijacking to breach router security and redirect all traffic to their own websites. This could expose all of your sensitive information, including login credentials, banking details, and credit card numbers.

Moreover, if you haven’t set a strong WiFi password, any hacker could rent cloud computing power and use brute force to break into your private network.

Hence, it’s essential to learn how to improve your router’s security. In this article, we’ll guide you on how to configure your router for maximum privacy and security. It explains the security concerns with the routers we use daily and provides tips on setting up your router for maximum protection. Now, let’s start by talking about the major security issues with modern routers.


Major Security Concerns With Consumer Routers

Routers forward data packets from your devices and create a bridge between the internet. All data from your computer, whether it’s a request to access a website or an email, is sent in the form of a data packet. Your router sets the address and the packets are sent on their way, so it’s essentially a device that allows you to direct traffic from your devices to the internet. Since routers are essentially small computers, they are prone to getting hacked and exploited by malicious actors.

Some notable security concerns are listed below:

1. Default login and password

Routers are designed for customers’ ease of use. The focus is on getting the device up and running as quickly as possible. However, this can sometimes leave a gaping hole in the router’s security.

One example of convenience prioritized over security is the default SSID and password. Almost all routers come with a pre-set password that can be used to access the admin panel. The admin panel is where you can change your router’s settings. If a hacker gains access to these settings, she can change your password, ID and impede your ability to use the router.

Most routers out of the box have the same SSID and password: “admin.” Even if the password is not “admin,” hackers can quickly determine your default SSID and password if they know your router model (instruction manuals are available online). Despite this, users don’t change their default ID and password during router set up or after, leaving them vulnerable to hacks and exploits.

2. Firmware

A router is essentially a tiny computer that manages your internet activity. Since it’s a computer, it comes pre-installed with firmware to run properly. Like any other software, a router’s firmware can be exploited if a hacker knows internal bugs and security flaws.

Vulnerabilities in router firmware are pretty standard. The VPNOverview News section is replete with stories of vulnerabilities and loopholes found in routers made by reputed companies like Cisco and ZTE.

Users also tend to delay installing firmware updates, which often contain patches for security bugs, sometimes serious ones. This leaves their routers vulnerable to security threats.

3. Universal PlugNPlay

Universal PlugnPlay (UPnP) is a network protocol that allows your devices, like computers, mobiles, and printers, to discover each other and easily establish connections for sharing services. So, using UPnP, your new printer can easily detect other devices on your local network and connect with them to allow for printing and scanning. Sounds great, right?

But there’s a catch. The security design around UPnP in regular routers is not the best. This leaves them vulnerable to exploitations by malicious applications.

For example, suppose a hacker knows UPnP is enabled and can figure out your router model. In that case, they can very easily disguise a malicious application as a device seeking permission to access the network and other devices.

There’s a high likelihood that a standard router would grant the malicious application access since they are not programmed to verify such requests in detail.

Once access is granted, the hacker has a direct pathway to all your devices and can steal personal information very conveniently.

4. WiFi Protected Setup

I’m sure you’ve seen a WPS (WiFi Protected Setup) button or menu option on your mobile, router, or other electronic devices. WPS is an alternate way to connect to WiFi without using a password. Instead, it operates using an eight-digit pin code. WPS can also be enabled by pushing a dedicated button.

While WPS makes it easier to connect to WiFi, it also comes with security risks. The fact that the PIN is a numeric eight-digital code makes it easy to hack (especially with brute force). What’s worse is that the router verifies the PIN in two segments of four digits each.

As a result, a hacker has to guess two four-digit codes instead of one eight-digit code. The former is much easier as there are only around 11,000 possible combinations that can be made with four digits. An average computer can make 11,000 random guesses within a day.

Now that you know the security risks associated with consumer routers, here are our tips to help you configure your router for optimal security.


How to Configure a Router for Maximum Security

We’ve provided some easy-to-implement tips that can be used to improve your router’s security. These are general tips for all routers (even though we’ve featured the TP-Link Archer C58 in our guide). While the interface might be different on your router, the settings are largely going to be the same.

1. Update your router’s firmware

As discussed in the previous section, a router’s firmware is susceptible to being hacked and infected with viruses. While the threat of hacking can’t be entirely eliminated, it can be reduced significantly by simply keeping your firmware up to date. Developers regularly release security patches to deal with any vulnerabilities and add new features.

Most modern routers are automatically updated to the latest firmware. But, to be sure, you can check your router manufacturer’s website for the latest available version; if it’s newer than what’s running on your router, download and install it.

This can usually be done using the router’s management interface, which can be accessed by typing 192.168.1.1 or 192.168.0.1 in your browser’s address bar.
Screenshot of TP link login page

2. Change the router’s default login and password

It’s common knowledge that most routers use fixed combinations of usernames and passwords, such as “admin” and “password,” to restrict access to the admin section. Leaving these unchanged is asking for trouble, especially given how easy they are to change.

All you need to do is access your router’s management interface (192.168.1.1 or 192.168.0.1 – might be different for your router; please do check) and locate the account information or password tab. This should lead to a page where you can change the username and password.
Screenshot of TP link admin interface
As always, don’t use passwords that are easy to guess. Instead, use a password manager to set complex and strong passwords.

3. Change your router’s SSID

SSID refers to the network’s name that shows up when you’re trying to connect to it. Very often, it carries the name of the manufacturer. I’m sure you’ve seen WiFi networks named “TP-Link XYZ” or “D-Link 123”. Such SSIDs giveaway the router’s brand, and possibly the model, to any potential hacker, making her job much easier.

Instead, you want to use an SSID with no obvious correlation to its manufacturer. It’s best to choose a random name that has no linkage to your personal information. For instance, you should avoid SSIDs that carry your name or apartment number.

The SSID, like other router settings, can be changed by accessing the router’s admin page.

4. Set a strong and complex WiFi password

Similarly, a strong WiFi password can help prevent unauthorized network access. When setting a password, it’s essential to choose the correct WiFi security type. There are broadly two kinds: WEP and WPA. WEP stands for Wired Equivalent Privacy. It is considered to be an old and outdated WiFi security type, having been replaced with WPA.

If your router only supports WEP, then it’s time to get a new one. Check out our list of the best VPN routers to choose a router that’ll keep you safe!

WPA stands for WiFi Protection AccessWPA 2 and 3 are the WiFi encryption protocols you should be using. Most routers that are available in the market support WPA-2, a secure and reliable protocol. WPA-3 is the most up-to-date protocol and should be used if your router supports it.

You may also see an option to choose between AKS and TKIP after selecting either WPA-2 or WPA-3. AES is a more secure standard and is the one you should use. It’s military-grade encryption that’s widely used around the globe in different applications.
Screenshot of TP link WPA/WEP
You can change the router security settings discussed above and your WiFi password from the router settings panel.

5. Set up a guest wireless network

What’s the point of setting up a strong WiFi password if you tell it to anyone that visits your place and asks for it? While they’re unlikely to pose a direct threat, they do know what your password is and can share it forward.

Moreover, their devices may already be infected without them knowing. This virus or malware infection could easily infect your network as soon as their device connects to it.

But, changing your WiFi password every time someone visits your place is not a feasible solution to this problem. A much easier option is to set up a guest network. A guest network is a separate wireless network that doesn’t provide access to any other devices connected to your primary network. This way, your guests can access the internet without needing access to the primary, private network.
Screenshot of TP link guest network
A guest network can also be used for all your IoT and smart home devices. IoT devices are susceptible to viruses and killware attacks. Keeping them on a separate network can help minimize the impact of such an attack.

6. Disable UPnP and WPS

We’ve already discussed the pitfalls of both WPS and UPnP earlier. While both make connecting devices convenient, the security trade-off is simply not worth it. There is, of course, a way to use UPnP while also reducing possible security threats. This can be done by configuring the router to not respond to any unsolicited communication from external devices.
Screenshot of TP link UPnP
You can change the protocol status under UPnP to “stealth” instead of closed or active on some routers. As a result, devices on your network will still discover each other, but any other unauthorized devices will not.

7. Check remote admin access settings

Most routers allow admin access only to acceptable devices connected to their network. However, on some routers, admin settings can even be changed remotely. To ensure that this isn’t the case with your router, you should disable remote access from the admin panel.

Using an ethernet cable instead of WiFi to access your admin access interface is another helpful tip to bolster your router’s security.

We’ve broadly covered all the crucial aspects of how to configure a router for optimal network security. You can also take a couple of extra steps besides changing your router security settings, which are covered in the next section.


Additional Security Measures

Following the steps outlined above will go a long way in improving your router’s security. There are, however, a few more things you can do to ensure your network and devices remain secure.

Use an antivirus on all your connected devices

If a hacker gains access to your router, they can infiltrate your devices and install worms, keyloggers, trojans, and spy on everything you do. An antivirus scanner constantly scans your device to detect and weed out any malicious elements.

And, most modern antivirus scanners come with an in-built firewall that helps prevent any unwanted or malicious items from entering your device in the first place.

Do check out our rankings of the best antivirus scanners for 2021 before choosing one for yourself. If you’re in a rush, then we’d recommend Kaspersky. It received the highest rating of any antivirus scanner that we tested and will certainly protect your device from any potential threats.

Get Kaspersky

Encrypt your internet activity using a virtual private network

Using a virtual private network (VPN) is one of the most impactful ways to safeguard your online privacy and security. It encrypts your internet activity, redirects it through a different server, and changes your IP address. This makes your online activity virtually untraceable.

Installing a VPN on your router secures your internet activity on all devices connected to it. This is especially useful for devices on which a VPN can’t be installed, like Chromecast or Apple TV. It also keeps your entire network private and secure from most external threats.

The best way to make this happen is by purchasing a pre-flashed router that supports a VPN straight out of the box. With such routers, all you need to do is get a subscription to any supported VPN provider and enter some credentials on the router admin page.

The situation is more complex for routers that aren’t pre-flashed. For such routers, you will have to flash DD-WRT firmware manually. This means that the router’s firmware will be replaced by DD-WRT, which opens up additional features, such as VPN protection and advanced Quality of Service Management.

Using this in-depth guide, you can learn how to flash DD-WRT onto your router. If you’re looking for a reliable VPN that you can install on your router, go with NordVPN. It’s incredibly fast and has an extensive server network, which makes it a great choice for streaming content.

NordVPN
Our pick
Our pick
Deal:
Only $2.99 a month for a two-year subscription with a 30-day money-back guarantee!
From
$2.99
9.3
  • Excellent protection and a large network of servers
  • Nice and pleasing application
  • No logs
Visit NordVPN

Final Thoughts on Router Security and Privacy

Keeping your router secure is extremely important, given all the potential threats that exist on the web today. Following the steps listed above will go a long way in doing so. In addition to these, consider updating your router from time to time and select one that comes with a VPN pre-flashed.

The following articles provide some great tips on how to protect yourself online:

  1. 8 Simple Steps to Guarantee you Stay Safe Online
  2. How to Stay Safe on Public Wi-Fi: Our In-Depth Guide
  3. Experts Give Parents Tips on Internet Safety for Kids and Teens 
How to Configure Your Router for the Best Security and Privacy: Frequently Asked Questions

Check out the FAQ section below for answers to some of the common questions about configuring a router for security and privacy.

A router is like a small computer that manages your network traffic and enables connections between other devices. Like any computer, it has its own software. This software can be hacked by malicious elements on the web.

Routers come with different security options, such as WEP, WPA and WPS. WPA 2 and 3 are the only security options that we’d recommend as the others leave your device pretty vulnerable.

For more information on different router security protocols, check out our detailed article on router configuration.

A few simple steps you can take to improve your router’s security are:

  1. Change the default SSID and password
  2. Disable WPS as a mode of connecting to the router
  3. Disable Universal PlugNPlay
  4. Keep your router’s firmware updated.

Your home wireless network usually hosts all your devices, which usually contain sensitive and personal information. If a hacker gains access to it, she could easily cause major disruption of activities. Some tips to keep your home wireless network secure are:

  1. Set a strong and complex WiFi password
  2. Create a guest network for your friends and relatives
  3. Disable remote access to your router’s admin settings
  4. Install a VPN on your router for maximum security

For more such tips, read our overview on configuring your router for security and privacy.

Tech journalist
Mohit is a legal and public policy researcher whose work focuses largely on technology regulation. At VPNOverview, he writes about cybersecurity, cryptocurrencies and sports events.