Securing Your Home WiFi

WiFi is the technology that allows us to connect to the internet without wires, whether around the house, in public places, or at the office.

But the very thing that makes wifi so convenient - it's lack of wires - also makes it an easy target for criminals. It's fortunate then that making our wifi secure is a straightforward thing to do!

Jump straight to topic:

USING WIFI IN PUBLIC PLACES?

If you use public wifi hotspots such as in hotels, coffee shops, or the airport, then read our guide on how to stay safe on public wifi.


What are the risks of wifi?

A typical wifi router

When we connect to wifi our computer or phone broadcasts all our data over the air, just like a radio. And just like a radio, anyone can listen in.

Because of this, without the right precautions, it's easy for anyone nearby to see all that we're doing online. They could for example read our private emails, grab our credit card details, or steal our passwords.

The risk is at it's greatest when you're on a public network such as a coffee shop or in a hotel. Criminals have been known to specifically target these locations - even installing devices so they don't physically need to be there. For details on how to use public wifi safely then see our dedicated guide for how to stay safe on public wifi.

And whilst you're less likely for a criminal to eavesdrop on your home wifi (although it still happens), you still need to secure this as well. A well secured wifi connection will be protected from:

  • Nosey neighbours snooping on what you're doing;
  • Locals using your connection to steal your bandwidth, or to use it for illegal means in your name.
  • Viruses that modify your router and intercept your personal data.

Keep reading for how to protect yourself from these threats!


How to make your home wifi secure

Protecting yourself from the threats above requires just a few settings to be checked on your router. This is the little box that plugs into a phone line or cable & which was possibly sent to you by your internet service provider.

Whilst the guide below tells you what settings to look for & change, each router is different and you may want to look up how to check these settings in the instructions for your specific make & model of router.

You can normally find these online; either do a web search for them (look for a label on your router to tell you who makes it) or, to save you some time (and because we're nice!), here's direct links for some of the more popular brands:

Even if you can't find the instructions then still carry on, as it might be obvious & easy to work out how to check all the settings below.


1) Login to your router

The first thing to do is login to your router. This is done like any other website; firstly ensure you're on wifi, and then enter the router's address into your web browser.

Getting to the login screen

The address for your router will be a series of numbers separated by dots (known as an "IP address"). It varies across different routers but might be one of the following:

  • 192.168.0.1
  • 192.168.1.0
  • 192.168.1.1
  • 192.168.2.1
  • 10.0.1.1 (Apple)
  • 192.168.8.1

You don't need to enter a "www" or anything else like you would for most websites; simply enter the address as you see it written above. It'll be obvious when you find the correct address as you'll be shown your router's welcome page.

Entering your routers IP address into your browser

Entering the address of your router into your browser address bar

If none of the above addresses work then search the web for the address that's relevant to the make & model of your router (try this useful webpage: https://19216811.wiki/router-ip-addresses). Alternatively for a definitive way of finding the address on Windows PCs, open a command prompt (press the Start button & type "cmd.exe") and enter "ipconfig /all". Look for an entry named "Default Gateway" - this will give you the address you need.

A few routers require you to connect to it via a cable (ie not over wifi) so, failing all the above, it's worth trying that too (a cable should have been included with the router when you got it).

Logging in

Typical login screen for a router

A typical login screen

Once you've got to the admin screen you then need to login. If there's no obvious place to enter your login details then look around for something that's says "login" or "settings", and click on that.

The password needed here is different from your wifi password - this one is your router's admin password. Many router manufacturers use common usernames & passwords which you can often find online; either search for the term "default password" alongside the make & model of your router, or look at the website www.routerpasswords.com.

Some of the more common username & password pairs you could also try are:

Username Password
adminadmin
adminpassword
admin(blank)
admin1234
(blank)admin
(blank)(blank)
root(blank)
useruser

If you've previously changed the password and forgotten what it is, you can often easily reset the router back to default settings by looking for and pressing a "Reset" button on the router. Note that the wifi password will also revert to it's factory default (which is often written on a label under the router), so if you'd previously changed that too you'll need to enter it again on anything that connects to the wifi.


2) Enable wifi encryption

One of the main risks of using wifi is other people snooping on your internet browsing. While there's no way to stop people eavesdropping your wifi signal, we can turn it into meaningless junk - think of the random static noise you get from a badly tuned radio.

This is done by applying encryption, where your router uses a secret code to jumble the wifi signal up. Your computer will know the secret to descrambling this, but any attacker won't.

Setting the encryption type

Setting the encryption type, as seen on one model of router (other routers will look different)

To do this, login to your router's admin area (Step 1 above) and explore the different settings. You're looking for a drop down list of different encryption options (sometimes called "Security mode"); these might be under menus called "Wifi", "Wireless", or "Security".

Select the option that mentions "WPA2" - it might be listed slightly differently as (or a slight variant of):

  • WPA2-PSK
  • WPA2 AES
  • WPA2 Personal

Avoid choosing anything with "WPA" or "WEP", these are older encryption methods that can be hacked easily. If there is a "Save" or "Apply" button (or equivalent) then click this.


3) Make sure your wifi password is strong

Having strong wifi encryption becomes much less useful if you have a poor wifi password - a hacker (or nosey neighbours) can take just a few minutes to try all possible combinations until they find it.

Most routers come with a pre-configured wifi password that's printed on the base of the router. If it's already at least 8 characters long and a random mixture of letters and numbers then it should be fine. If it's not though then it's a good idea to change it.

Setting the wifi password

Setting the Wifi password

Don't worry about making it memorable - your wifi password is perfectly ok to write down and keep next to your router (if you're unlucky enough to be burgled then the last thing you'll be worried about is your wifi password!).

When choosing a wifi password aim to make it at least 8 characters long, and with both uppercase & lowercase letters as well as numbers.

To change your password, look in your router's admin page for something like "Wifi password", "Wireless password", "Pre-shared Key", or just "Key".

Don't confuse your wifi passord with the "Admin password" or "Login password" though - this is different and is what you used to login to this administrative section of your router (and which we change next...).


4) Change the router's admin password

When you logged into your router to make the changes above, did you find the password for it online? If you did then anyone else can find it too. And not just people, but viruses.

There have been several cases over the years where viruses and other malware have targetted home routers, for example to be able to intercept your internet data (such as stealing your credit card details) or to use it as a host from which to attack other internet users. To prevent this you should ensure your router has a strong & unique password.

In your router's settings look for something like "Login password" or "Admin password"; often under an "Administration" or "System" menu. Change this password (make sure you remember what it is!) and click ok.


5) Update the router's firmware

Updating the firmware

Option to update the firmware

Just as you do for your operating system and other software, it's also important to keep your router's internal software (known as "firmware") up to date. This will protect you against any security vulnerabilities that have been found and fixed by the manufacturer since you bought your router or last updated it.

Somewhere within your router's configuration pages will be an option to update this. Look for links such as "Check for updates" or "Router update" and click on this.

Some routers may update themselves automatically every so often; if this is the case then the page will probably state when this was last done, or even that it is currently up to date.


6) Disable WPS if you can

WPS is a feature used by many routers to make it easier to connect devices to them, often just at the touch of a button. This unfortunately though isn't always secure, and on some routers can be exploited by hackers to connect to your home wifi.

Disabling the WPS feature on a wifi router

Disabling WPS on a Huawei router

Even though this is an old problem (first publicised in 2011), many router manufacturers still haven't taken steps to secure WPS on even their new routers.

Realistically, the chances of anyone trying to hack this on your wifi connection is tiny, but it can still be a good idea to just disable it & forget about it.

If you're a high profile individual (a celebrity for example), or live in a city centre where your wifi connection can be picked up by many passing people, then your risk will be higher than for everyone else.

Some routers don't offer the ability to disable WPS but if yours does (look around the options in your router's home page) then do so.


Have any feedback on this page? Let us know - [email protected]