A router on a desk for a story on router security.

When it comes to safeguarding your personal data, there may be no tool more important than your wireless router.

Because it transmits all the data that flows in and out of your home via WiFi—everything from emails to credit card numbers—the device has long been a target for hackers. And now, with many Americans working from home due to the coronavirus pandemic, more sensitive data than ever before could be at risk.

More on Security

Hackers can use malware or software design flaws to hide their identity, steal bandwidth, turn your devices into botnet slaves, or worse. They can be within range of your WiFi network, or they could be half a world away, launching an automated attack on millions of home networks at once.

In fact, just a few years ago a malware called VPNFilter was devised to disable encryption, allowing cyber criminals to see passwords and other private data in plain text during transmission.

So what can you do to keep your family’s data and devices safe?

Well, to start, make sure your router is properly set up to protect you. Here are a few helpful security tips.

Turn On Automatic Updates

Router manufacturers typically roll out software updates throughout the year to address security threats.

The easiest way to make sure your router always has the latest, safest software is to activate the automatic firmware update feature available on many modern models.

Newer routers make this relatively easy through a companion mobile app.

For other routers, you'll need to look in the device’s settings. You can do that by opening a web browser and typing in the device's IP address. Very often, the address is 192.168.0.1 or 192.168.1.1. But this varies by brand. So consult the owner's manual or do an online search for the customer support pages for your router model.

If your router doesn't provide automatic updates, you'll have to periodically download and install the new software from the manufacturer's website yourself.

To be safe, says Richard Fisco, who oversees electronics testing at Consumer Reports, you should check for new updates every three months. You can also see if there’s a way to get security notices via email from the router’s manufacturer when new software is available. Many brands offer that as an option during the online product registration process.

All companies eventually stop releasing new software for old models, though.

“If you find your router is no longer getting updates,” says Fisco, “it's too risky to keep using it. Verify its status with the manufacturer, and if it has reached the ‘end of life’ stage, buy a new router.”

Some models recommended by our testers are priced under $200, including the Asus AC2900, Netgear Nighthawk AC1900, and TP-Link Deco.

Quick Take

Netgear NIghthawk AC1900 (R7000)

Price: $155

Data security
Data privacy
Throughput mid-range
Unlock Wireless Router Ratings
Quick Take

TP-Link Deco Whole Home (3-pack)

Price: $170

Data security
Data privacy
Throughput mid-range
Unlock Wireless Router Ratings

Turn Off Features You Don't Use

Modern routers come with many handy features that help you manage your WiFi network, but some create weak spots in your defenses.

So when you’re logged in to your router's settings, take a minute to review applications that could present opportunities for hackers.

If you don't use Remote Administration (also known as Remote Management or web access from WAN), make sure it's turned off. This denies access to the router's control panel from outside your home network. In most routers, the feature is off by default, but you should confirm this by going to the advanced or administration section of the settings menu.

Disable Universal Plug-and-Play, which many home routers have enabled by default. UPnP can help devices on your home network connect to each other, but the added convenience isn't worth the security risk. This feature can make it easier for malware to spread through your network.

To disable UPnP, log in to your router like you would when changing your password (see below). Find the "tools," "advanced," or "advanced networks" menu. From there, make sure the “Enable UPnP” box is unchecked.

And last, if you have a guest network without a password, disable it. You don't want unwanted guests using it without permission.

Use Strong Passwords

If you've never done so, you should change two crucial passwords on your router: the one that lets you manage the device's settings and the one that lets you connect other devices to the wireless network (as in, “What’s the WiFi password?”).

Routers typically ship with default passwords used to set up the device. At times, they're even printed on a label on the router itself. For convenience, the default passwords for lots of routers also appear online—and a password that’s easy for anyone to find is no help at all.

With a little online sleuthing, a hacker could use a default password to access your network and potentially control your router. If that were to happen, the hacker could change your passwords, spy on you, or access the files on a network-attached hard drive.

The settings and connection passwords can both be changed via the router’s mobile app or the settings page (aka 192.168.1.1)

Make sure the passwords you create are strong and unique—that is, different from one another and from any other password you use. They should have at least a dozen characters, with seemingly random upper- and lower-case letters, numbers, and symbols. To keep track of them, you might also consider using a password manager.

Change the Default SSID

Lastly, you’ll want to change the default name of your WiFi network, also known as the SSID. According to CR’s Fisco, leaving the default in place can reveal your router’s make and model, potentially helping hackers break into it—especially if you haven’t changed the default passwords, too.

You can even tell your router not to broadcast the SSID at all. Once you do that, any device that's never been connected to your WiFi won’t be able to “see” the network.

To connect to the WiFi via a new device, you have to manually input the network name, instead of selecting it from a list of nearby options. But what is at most a minor inconvenience for you—how often do you connect new devices to your WiFi?—essentially makes your network invisible to would-be hackers.

Use WPA3

Security protocols for routers improve over time, which means the old ones get outdated. Among other things, the latest standard, known as WPA3, encrypts your WiFi connection, making it harder for cyber criminals to guess your WiFi password using hacking tools that automatically cycle through tens of thousands of possibilities, says Kevin Robinson, vice president of marketing at the WiFi Alliance, which oversees the standard.

WPA3 is about two years old, so smartphones, laptops, and other devices manufactured in recent years should be able to support it without any problems.

If your router and other devices don’t support WPA3, you can use the previous standard called WPA2-AES. But any models mired in the WEP era should be replaced, says Fisco. They're simply not equipped to handle today's threats.


Passing the Password Test

What's your password strategy when it comes to protecting your online accounts? On the "Consumer 101" TV show, a Consumer Reports expert explains what you need to know about password managers.