How to Boost Your Router Security

These tips will help you keep your personal data safe

When you shop through retailer links on our site, we may earn affiliate commissions. 100% of the fees we collect are used to support our nonprofit mission. Learn more.

A router surrounded by three laptops Photo Illustration: Consumer Reports, Getty Images

When it comes to safeguarding your personal data, there may be no tool more important than the wireless router that powers your home WiFi network.

Because it transmits all the data that flows into and out of your residence via WiFi—everything from emails to credit card numbers—the device has long been a target for hackers. And with many people working from home a few days a week, there’s even more sensitive data at risk.

More on Digital Security

Hackers can use malware or software design flaws to hide their identity, steal bandwidth, turn your devices into botnet slaves, or worse. They can be within range of your home WiFi network, or they could be half a world away, launching an automated attack on millions of home networks at once.

In fact, just a few years ago, a malware called VPNFilter was devised to disable encryption, allowing cybercriminals to see passwords and other private data in plain text during transmission.

So what can you do to keep your family’s data and devices safe while on your home’s WiFi network?

To start, make sure your router is properly set up to protect you. Here are a few helpful security tips.

Turn On Automatic Updates

Router manufacturers typically release software updates throughout the year to address security threats, fix bugs, and improve performance.

The easiest way to make sure your router always has the latest, safest software is to activate the automatic firmware update feature available on many of today’s models.

Newer routers make this relatively easy through a companion mobile app.

For other routers, you’ll need to look in the device’s settings. You can do that by opening a web browser and typing in the device’s IP address. Very often, the address is or But this varies by brand. So consult the owner’s manual or do an online search for the customer support pages for your router model.

If your router doesn’t provide automatic updates, you’ll have to periodically download and install the new software from the manufacturer’s website yourself.

Richard Fisco, who oversees electronics testing at Consumer Reports, says that to be safe you should check for new updates every three months. You can also see if there’s a way to get security notices via email from the router’s manufacturer when new software is available. Many brands offer that as an option during the online product registration process.

All companies eventually stop releasing new software for old models, though.

“If you find your router is no longer getting updates, it’s too risky to keep using it,” Fisco says. “Verify its status with the manufacturer, and if it has reached the ‘end of life’ stage, buy a new router.”

Some models recommended by our testers are priced under $200, including the TP-Link Deco, Eero 6, and Google WiFi.

Turn Off Features You Don't Use

Modern routers come with many handy features that help you manage your WiFi network, but some create weak spots in your defenses.

So when you’re logged in to your router’s settings, take a minute to review applications that could present opportunities for hackers.

If you don’t use Remote Administration (also known as Remote Management or web access from WAN), make sure it’s turned off. This denies access to the router’s control panel from outside your home network. In most routers, the feature is off by default, but you should confirm this by going to the advanced or administration section of the settings menu.

Disable Universal Plug-and-Play (UPnP), which many home routers have enabled by default. UPnP can help devices on your home network connect to each other, but the added convenience isn’t worth the security risk. This feature can make it easier for malware to spread through your network.

To disable UPnP, log in to your router like you would when changing your password (see below). Find the “tools,” “advanced,” or “advanced networks” menu. From there, make sure the “Enable UPnP” box is unchecked.

And last, if you have a guest network without a password, disable it. You don’t want unwanted guests using it without permission.

Use Strong Passwords

If you’ve never done so, you should change two crucial passwords on your router: the one that lets you manage the device’s settings and the one that lets you connect other devices to the wireless network (as in, “What’s the WiFi password?”).

Routers typically ship with default passwords used to set up the device. At times, they’re even printed on a label on the router itself. For convenience, the default passwords for lots of routers also appear online—and a password that’s easy for anyone to find is no help at all.

With a little online sleuthing, a hacker could use a default password to access your network and potentially control your router. If that were to happen, the hacker could change your passwords, spy on you, or access the files on a network-attached hard drive.

The settings and connection passwords can both be changed via the router’s mobile app or the settings page (aka

Make sure the passwords you create are strong and unique—that is, different from one another and from any other password you use. They should have at least a dozen characters, with seemingly random upper- and lowercase letters, numbers, and symbols. To keep track of them, you might also consider using a password manager.

Change the Default SSID

Lastly, you’ll want to change the default name of your WiFi network, also known as the SSID. According to CR’s Fisco, leaving the default in place can reveal your router’s make and model, potentially helping hackers break into it—especially if you haven’t changed the default passwords, too.

You can even tell your router not to broadcast the SSID at all. Once you do that, any device that’s never been connected to your WiFi won’t be able to “see” the network.

To connect to the WiFi via a new device, you have to manually input the network name, instead of selecting it from a list of nearby options. But what is at most a minor inconvenience for you—how often do you connect new devices to your WiFi?—essentially makes your network invisible to would-be hackers.

Use WPA3

Security protocols for routers improve over time, which means the old ones get outdated. Among other things, the latest standard, known as WPA3, encrypts your WiFi connection, making it harder for cybercriminals to guess your WiFi password using hacking tools that automatically cycle through tens of thousands of possibilities, says Kevin Robinson, vice president of marketing at the WiFi Alliance, which oversees the standard.

WPA3 is about 3 years old, so smartphones, laptops, and other devices manufactured in recent years should support it.

If your router doesn’t do so, you can use the previous WPA2-AES standard. But any routers using older standards, like WPA or even WEP (which dates back to the late 1990s), should be replaced, Fisco says. They’re simply not equipped to handle today’s threats.

Passing the Password Test

What’s your password strategy when it comes to protecting your online accounts? On the “Consumer 101” TV show, a Consumer Reports expert explains what you need to know about password managers.

Nicholas De Leon

I've been covering consumer electronics for more than 10 years for publications like TechCrunch, The Daily (R.I.P.), and Motherboard. When I'm not researching or writing about laptops or headphones I can likely be found obsessively consuming news about FC Barcelona, replaying old Super Nintendo games for the hundredth time, or chasing my pet corgi Winston to put his harness on so we can go for a walk. Follow me on Twitter (@nicholasadeleon).