Most people don’t replace their routers that often, and there are so many important settings, it’s easy to overlook a few and forget how your old one was set up. Here are the first five things you need to do right after powering up your new router.
A few minutes of tweaking and configuration right after unboxing your new router can save you headaches down the road. A Wi-Fi router, left improperly configured and with poor security, can leave your network unstable and vulnerable to malicious users. This guide should help you establish a solid baseline level of security.
Although we’ve included screenshots showing different settings in different router interfaces, every router is different—please refer to the documentation for your specific router to locate all the settings we refer to throughout this tutorial.
Update the Firmware
Your router’s firmware is a set of operating instructions and tools stored on its memory chip that controls everything from the Wi-Fi radios to the firewall.
Although firmware updates are generally infrequent, and router firmware is designed to be stable, there are two reasons to check for updates immediately after getting a new router. First, you don’t know how long your router was sitting on the shelf, and a new update may have been (and most likely was) released.
Second, although not as common as problems on consumer operating systems like Windows, there are exploits and vulnerabilities that crop up in router firmware, so it’s always good to have the latest (and most secure) firmware available. It also means you have access to the most up-to-date features of the router.
Change the Default Login Password
Just about every router ships with a default username and password you use to manage the router. These defaults aren’t even well kept secrets—a simple Google search will tell you the username and password for just about any router out there. You can download entire lists of known pairs, and there’s even the appropriately named web site RouterPasswords where you can look up just about any make, model, and default login. Usually they’re something ridiculously simple, like “admin/admin”.
So, if you don’t want it to be stupid easy for passers-by to break into your network, you should change your administrator password…before someone changes it for you.
Change the Wi-Fi Network Name (SSID)
Your Wi-Fi’s network name, or SSID, can reveal a lot about the router. For example, it might be called “Linksys”, which lets outsiders know the manufacturer of your router—making it easier for them to fetch the default login, or check for vulnerabilities on that model.
Change the SSID to something different from the default, but without any identifying information in it. This means no SSIDs like “Apartment5a” or “321LincolnSt”. Something easy to remember but unspecific to you is ideal—like “Cookie Monster” or “Spaceman”. Any combination of words will do,. really.
Set a Secure Wi-Fi Password with Quality Encryption
For years, router manufacturers shipped routers with poorly configured Wi-Fi and/or default passwords enabled. Now, they’re finally starting to ship routers with the highest level of Wi-Fi encryption enabled and a randomized password set (so even if new users don’t know what they’re doing or fail to look up a list like this one, they’re still protected).
Not every manufacturer has individualized setups for each router they ship, however, which means it’s your responsibility to make sure your router has properly configured Wi-Fi with a secure password and the best encryption.
When you go to change your Wi-Fi network’s password, you’ll typically have options available like WEP, WPA, and WPA2. Select WPA2 (or, to future proof this advice, whatever better encryption comes along). We recommend using WPA2. You can read about Wi-Fi encryption and why it matters here, but the short of it is that anything below WPA2 is easier to crack. WEP is so trivial to crack a child with the right (and widely available) tool could do it.
As far as passwords are concerned, when you’re using strong encryption like WPA2 that supports up to 63 characters, it’s far better to use a passphrase than a password. Forget simple passwords like thedog20, blackcat, or any of the trivial passwords that Wi-Fi standards used to restrict us to. Passphrases are easier to remember and are harder to crack. Instead of “thedog20”, use “My Dog Is Twenty Years Old”.
While we’re on the topic of securing your Wi-Fi: if you have a newer router, chances are you have a guest network. If you choose to enable it, the same rules apply for selecting good encryption and a strong password. We also recommend you check out our dedicated article about securing guest networks and how they may not be as secure as you think.
Disable Remote Access
If you need remote access for some reason, it’s a pretty handy feature. For 99.9% of home users, however, there’s very little reason they would need to remotely administer their router from afar, and leaving remote access on simply opens up a point of vulnerability that hackers can take advantage of. Since the router not only functions as the network management brain of your home network but also the firewall, once a malicious user has gained remote control, they can open the firewall and gain complete access to your home network.
Again, like better Wi-Fi security, manufacturers are finally taking default security seriously, so you might be pleasantly surprised to find that the remote access/management features are disabled. Still, trust but verify. Look in the advanced settings of your router and confirm that any remote access tools are turned off.
Disable WPS and UPnP
Finally—compared to the previous examples of security measures you should take—we have a more arcane one: disabling Wi-Fi Protected Setup (WPS) and (Universal Plug and Play) UPnP. While both services are intended to make our lives easier, they both have various security flaws and exploits. WPS allows you to press a button on your router or use a PIN to pair your new devices to your router (instead of manually searching for the Wi-Fi network name and entering the password) but there are flaws in WPS that aren’t worth the convenience. If your router supports disabling WPS, it should be easily found in your router’s menus. You can read more about the process here.
In addition to disabling WPS, you should also disable UPnP. The UPnP system is, in fairness, way more useful than the WPS system—it automates the process of opening ports in your firewall for applications like Skype and Plex media server—but like WPS it has security flaws that can allow malicious parties access to your router. You should check through settings on your router to disable it and then brush up on how to manually forward ports on your router so, should you run into any issues like your Plex server’s remote access isn’t working right with UPnP turned off, you can fix it right away.
By simply updating your firmware, changing default logins for the router and Wi-Fi access, and locking down remote access, your 10 minutes of effort ensure that your router is now radically more secure than when it came out of the box.
If you’d like to further improve the security on your router as well as learn a bit more about how your home network functions, check out the following related articles:
- Secure Your Wireless Router: 8 Things You Can Do Right Now
- How to Check Your Router for Malware
- How to Troubleshoot Your Wireless Router Problems
- HTG Explains: Understanding Routers, Switches, and Network Hardware
- How Use Quality of Service (QoS) to Get Faster Internet When You Really Need It
Have a networking or Wi-Fi related question? Shoot us an email at firstname.lastname@example.org and we’ll do our best to help.