The back of a router with the internet cable and other Ethernet cables plugged in.
Hannah Stryker / How-To Geek
Router settings can have a significant impact on router security. It's best to turn off features if you're not using them and always use strong passwords.

When you get under the hood, there are a lot of router settings and options. Here’s a crash course on what to avoid doing to keep your Wi-Fi router and home network as secure as possible.

A Word on Router Security

Before we dig into the dangerous things we recommend you avoid doing with your router, we understand that there are some situations where you may have a very good reason to do one of the things listed below.

If you know what you’re getting into and you have a specific reason for doing it, by all means, do so while proceeding with appropriate caution. But for most people following the suggestions below, turning off features they don’t need and leaving the router to manage everything else automatically is almost always the best security choice with the least risk.

Disabling Automatic Updates

If you’re a network administrator or play an amateur one at home (perhaps dabbling with small business network gear like Ubiquiti hardware), you’re likely very on top of your network firmware and manage your updates to avoid bugs, uptime issues and other problems. When you’re that hands-on with your network, sometimes you avoid auto-updates so you can manually review every firmware update.

But most people don’t need to be so hands-on and are better off letting their router handle the updates automatically to ensure vulnerabilities and bugs are patched as quickly as possible.

If your router doesn’t support automatic updates or is so old that it no longer receives them, we strongly recommend upgrading it. In addition to automatic updates, a new Wi-Fi router will include other improvements like upgraded Wi-Fi security and better Wi-Fi coverage.

Hosting an Open Wi-Fi Network

Speaking of Wi-Fi security, although it’s tempting to run an open Wi-Fi network to avoid typing in passwords, it’s a security nightmare.

Anyone close enough to connect to your Wi-Fi network is free to use your network however they wish, including using it for illegal activities or freely roaming your network trying to access your devices.

You should use a strong password on your Wi-Fi router. We’d even go so far as to suggest that you skip using the default Wi-Fi password if your router has one and replace it with one of your own.

Forwarding Ports

When you’re struggling to get some service running properly, it’s easy to get frustrated and open a wide range of ports or even open up all the ports for a particular device on your network to get the remote connection working.

You should only open the exact ports you need, such as a specific port for a locally hosted game server. Opening more ports exposes more of your home network to the internet. And if you set port forward assignments with too wide of a range, then it can cause network headaches when traffic is routed to the wrong devices.

It’s rare these days to even need port forwarding, so unless you have a specific need, it’s best to simply let the router handle things without setting port forwarding assignments.

Putting Devices in the DMZ

You might see an option in you router to put a device in the “DMZ,” which stands for “demilitarized zone.” It’s a no-man’s-land where none of the security features of your router will be applied to that device. To continue the military analogies, it’s the nuclear option for solving a port forwarding problem because you’re shoving the device right out of the secure zone.

Unless you have a very specific fringe-use-case reason to use the DMZ, you should never put a device in the DMZ. You should especially avoid putting your computer or another device that holds personal information, like a NAS, in the DMZ.

Enabling Remote Administration

Whether it’s called “Remote Administration,” “Remote Access,” or “Remote Management,” by default, your router’s administration panel is accessible only to people on the local network. You can’t access it if you’re not connected to the router via an Ethernet cable or over the local Wi-Fi connection.

If you enable remote access, that means anyone connecting to your external public IP address will be able to access your router’s login. This affords them the opportunity to pick away at your router, trying default passwords, password tables, and other methods.

Most people don’t need to remotely access their router’s administration panel when they aren’t at home, so it’s best just to leave remote access turned off. If you do turn it on, be sure to use a strong password and keep your router’s firmware up-to-date to protect against vulnerabilities.

Using a Weak Administrator Password

You might not think about the administrator password on your router, but it’s a really important one. Your email or bank password might get more attention and seem higher profile, but if you have a weak or default password on your router, it’s easy for someone to change the settings.

Your router, like everything else, needs a long and strong password. If you don’t know the current password for your router, you can use these tips to access your router and set a new password.

Leaving Universal Plug and Play (UPnP) On

Universal Plug and Play (UPnP) is a set of networking protocols that allow devices on your network to discover each other and automatically work together.

In theory, that’s really great. In practice, UPnP has been plagued by security issues for years, and we (as well as the FBI) recommend turning off UPnP features on your router.

Leaving Wi-Fi Protected Setup (WPS) On

Introduced in 2006, Wi-Fi Protected Setup (WPS) makes it possible to push a little button on your router and a little button on your device, and the router and device will automatically negotiate a connection without you having to do any further setup.

Like UPnP, it seems like a great idea on paper and should make life easier for everybody. In practice, also like UPnP, it ended up having security vulnerabilities. We recommend you turn WPS off. Yes, the push-to-setup feature can save you time, but given how little time you actually spend adding new devices to your network, it’s just not worth the trade-off.

Keeping Unused Features Active

We called this section “keeping unused features active,” but it could just as easily be called “turning on features you don’t need” because it’s the same general idea.

We can’t go over every possible setting on your router, but a safe approach is to leave features turned off if you’re not using them. If your router has a file and print server, turn it off if you’re not using it. If there is a built-in VPN client you’re not using, again, turn it off. By disabling services on the router you’re not using, you cut down on the number of potential zero-day exploits and vulnerabilities your router exposes.

The same goes for turning things on or messing around with advanced features. We absolutely encourage people to learn and play with their hardware, but if you’re not interested in learning advanced firewall rules and syntax, it’s best to leave that section alone.

The Best Wi-Fi Routers of 2023

ASUS AX6000 (RT-AX88U)
Best Wi-Fi Router Overall
ASUS AX6000 (RT-AX88U)
TP-Link Archer AX3000 (AX50)
Best Budget Router
TP-Link Archer AX3000 (AX50)
TP-Link Archer A8
Best Cheap Router
TP-Link Archer A8
ASUS GT-AX11000 Tri-Band Router
Best Gaming Router
ASUS GT-AX11000 Tri-Band Router
ASUS ZenWiFi AX6600 (XT8) (2 Pack)
Best Mesh Wi-Fi Router
ASUS ZenWiFi AX6600 (XT8) (2 Pack)
TP-Link Deco X20
Best Budget Mesh Router
TP-Link Deco X20
NETGEAR Nighthawk CAX80
Best Modem Router Combo
NETGEAR Nighthawk CAX80
ExpressVPN Aircove
Best VPN Router
ExpressVPN Aircove
TP-Link AC750
Beat Travel Router
TP-Link AC750
ASUS ROG Rapture GT-AXE11000
Best Wi-Fi 6E Router
ASUS ROG Rapture GT-AXE11000
Profile Photo for Jason Fitzpatrick Jason Fitzpatrick
Jason Fitzpatrick is the Senior Smart Home Editor at How-To Geek. He has over a decade of experience in publishing and has authored thousands of articles at How-To Geek, Review Geek, LifeSavvy, and Lifehacker. Jason served as Lifehacker's Weekend Editor before he joined How-To Geek.
Read Full Bio »