You just plugged in your new Wi-Fi router. Now what? It’s a perfect time to set things up with best practices right from the start and get the most out of your faster, better, and up-to-date hardware.
Before we look at individual configuration options, let’s talk about starting with a clean slate. It’s tempting to just “clone” your old router’s settings and do everything as you did before. And trust us, we get it.
Adding a bunch of devices like Wi-Fi cameras and smart home gear back into your home network is a hassle. And if you’re the tech support person in your household, you probably want to avoid everyone yelling, “Why doesn’t my tablet work?!” over the next day or two.
But from a security standpoint, there’s nothing as good as wiping the slate clean and starting with a completely fresh network. In fact, it’s the only surefire way to kick people off your Wi-Fi network and ensure it’s locked down properly. We know it’s a hassle, but there are some compelling reasons to start fresh with a new Wi-Fi network name and password.
Most of the configuring you’ll do when you get a new Wi-Fi router is on the Wi-Fi router itself, but many people will need to fiddle with their Internet Service Provider (ISP) supplied gear.
If you previously used your ISP’s combination modem/Wi-Fi router, you must make two configuration changes for a smooth experience with your new Wi-Fi router. First, you need to put your ISP’s combo unit into bridge mode. Bridge mode tells the ISP’s router to stop functioning as a router and start passing the internet connection to your new Wi-Fi router.
If you don’t put your ISP-supplied router into bridge mode, it can cause lag, connection instability, and other issues that arise from your connection passing through a Network Address Translation (NAT) process twice. While some devices will warn you that you have a double NAT problem (the Xbox, for example, will warn you with the message “Double NAT Detected” in the network menu), most devices won’t, and you’ll be left in the dark as to why some services just don’t seem to work right.
Second, you need to turn off the Wi-Fi radio in the ISP’s Wi-Fi router combo unit. Some models will automatically disable the Wi-Fi when you put the combo unit into bridge mode, but many won’t. If you don’t disable the Wi-Fi radio, you’ll add Wi-Fi interference and congestion to the same airspace you’re deploying your new Wi-Fi router.
You just unpacked your router and plugged it in, meaning it’s running the firmware flashed to the device during manufacturing. It’s likely not painfully out of date, but it’s a good idea to immediately update the firmware upon booting the router up for the first time and before messing around with any other settings.
The Best Tech Newsletter Anywhere
Join 425,000 subscribers and get a daily digest of features, articles, news, and trivia.
Not only does updating the firmware ensure any bug fixes and security patches are applied, but it also ensures your router’s interface is updated and matches the manufacturer’s help documents, should you need to reference them.
Some people like to keep automatic updates turned off because they carefully manage their home network in a very hands-on fashion. If you’re the kind of person that pores over firmware release notes and frequents network forums to see what issues other hobby network system administrators have with various firmware updates, then this isn’t the tip for you.
But most people fall into the exact opposite camp, which is the camp of never updating the firmware on their router and running it for years with outdated firmware and potential security vulnerabilities.
Some newer routers, especially mesh systems like those from Eero and Nest, automatically update themselves (which is one of the reasons we recommend people give their parents and other relatives mesh Wi-Fi). But if yours doesn’t, be sure to turn it on so you don’t have to worry about checking for updates in the future.
If your router doesn’t support automatic updates, it’s useful to put a reminder on your calendar to check for firmware updates every few months.
The administrator password is a frequently overlooked aspect of router security. Many models still have common default administrator login and password combinations you can easily guess or look up on the internet. Newer models might have pseudo-random passwords. In both cases, the password is almost always printed directly on the label attached to the router.
As such, it’s best to change the default password to something new to ensure access to your router isn’t as simple as trying a common combination or just reading the login right off the router body.
Modern Wi-Fi devices are backward compatible with older Wi-Fi encryption standards, but that doesn’t mean you should keep using them just because you used them in the past.
The best Wi-Fi encryption to use is WPA3, but if you have devices on your network that you can’t easily replace or switch to Ethernet, then we recommend you use WPA2 AES. Unlike earlier Wi-Fi encryption standards that are now deprecated, WPA2 AES is still considered secure.
Most routers now come with a pseudo-random password set as the default. Like the admin login and password, that password is usually on a sticker attached to the router.
While it’s better than the simplistic default administrator passwords all too many routers still use, your router’s preset Wi-Fi password is not as random or secure as you might think.
Switching it out immediately with a better and longer Wi-Fi password distances you from the security problems inherent with pre-generated passwords and, more importantly, the password printed right there on the device it is meant to secure.
While many Wi-Fi routers, primarily mesh routers, will prompt you to enter an SSID right from the start, plenty of routers on the market come with a default option.
It’s not the end of the world to use the default SSID, but the default SSID almost always telegraphs information about your router. Changing your SSID won’t deter a competent and determined attacker from gleaning information about your hardware, but switching from a preset default to something else never hurts. As always, avoid any identifying information. Switching from a default SSID of “Netgear98” to “Apartment2A” is a security downgrade.
Enabling the guest network right from the start is a great way to avoid dealing with future hassles and security problems. Why does it matter? Giving someone the password to your main Wi-Fi network gives them direct access to your entire home network and everything on it. On the other hand, a guest network is designed to give people internet access without opening up the whole network to them.
And using the guest network for guests prevents you from ending up in a situation where you need to update your Wi-Fi password, but you’re reluctant to do so because of the hassle of resetting the password on dozens and dozens of devices. When your reset the guest network password, you can just give the new one to any guests the next time they come around. Check out these Wi-Fi guest network best practices when you set up your guest network.
You might not think about Dynamic Name System (DNS) servers often—or ever—but you should take a moment to think about DNS when setting up a new router.
If you don’t pick a DNS server, your router will default to using your ISP’s DNS servers. There are plenty of privacy, security, and speed reasons to switch from your ISP’s DNS, so you might as well do it while you’re speed-running this list of best Wi-Fi router practices.
Remote access is typically disabled by default, but since you’re already in the router’s control panel doing a thorough audit, now is the time to locate the remote access option and ensure it’s disabled.
Some routers don’t have traditional remote access, wherein you can log into the administrative control panel by connecting to the public IP address of the router. Platforms like eero and Nest Wi-Fi have cloud-based administration via their respective apps, so be sure to use a strong password for your account and enable two-factor authentication when available.
Wi-Fi Protected Setup (WPS) and Universal Plug and Play (UPnP) are two protocols intended to make setting up devices on your Wi-Fi network and automatically configuring connections with your router easier.
They do, in fairness, do that. But they also introduced a bunch of security vulnerabilities. Some routers no longer include WPS, but you should check yours regardless and disable it. UPnP is still included in routers and is usually turned on by default, so check for that too and disable it. And if you have issues with UPnP disabled, you can always manually forward ports for the services that need them.
“Woah, woah, woah, I just bought this router!” you might be thinking. And that’s a completely fair reaction to seeing us end this list by suggesting you need to plan to buy another router.
But most people buy a Wi-Fi router and use it until its last dying breath (or until it becomes so unstable and slow they wish it would just give up the ghost). The best way to prevent yourself from becoming that person with the super old, super outdated, and super frustrating Wi-Fi router is to make a mental note now—while setting up your brand new router—to replace it. Better yet, put a reminder on your calendar to revisit the topic.
How soon should you consider a replacement? We recommend people replace their Wi-Fi routers every 3-5 years. If you want better performance and regular feature updates, upgrade every three years. If you want to avoid obsolescence and security problems, upgrade every five. Whatever you do, though, don’t wait until you can check off every item on this list of signs it’s time to upgrade.