• #1 NetSpot
  • Best WiFi tool to assess your WiFi security
  • 4.8
  • 969 User reviews

6 Ways To Secure Your WiFi Network

From hackers to network leeches, there are people who want to gain access to your WiFi network to either steal your bandwidth or your money.
  • NetSpot
  • Essential for WiFi security
  • 4.8
  • 969 User reviews

To keep people out of your home or business’s wireless network, use these steps to tighten up security and protect yourself.

How To Secure WiFi

When that new router comes into the house from the local cable company or whatever telecom you use, it’s too easy just to plug it in, connect up, and start playing the latest version of Fortnite or getting ready for a night of Netflix and chilling - only you really intend to watch Netflix and eat some ice cream, not the other kind of “Netflix and chill”.

But just plugging in that router without taking steps to protect yourself is like buying a new house and moving in without changing the locks and leaving the front door open. Or perhaps a better analogy is like a car. There’s an old saying that if someone really wants to steal your car, the point isn’t trying to stop them, but making things so difficult and annoying for them that they move on to an easier target.

These are 6 things that can be done to make sure that your WiFi network is safe, secure, and still works well enough for those late night Player Unknown BattleGrounds sessions. Let’s go over how to secure your WiFi so you can use the Internet with a little more peace of mind.

#1: Change the Default Login

If you’re wondering “How to Secure My WiFi”, start here: don’t use the default password. Too often the default password is “000” or “password” or in the case of routers, it’s the serial number, which is on the side of the router. This means if anyone has seen the router or taken a picture of it could figure out what the administrative password is, and use that to reconfigure the router to steal information from you.

So the first thing to do when looking to secure a WiFi router:

  1. Connect to the router via an Ethernet connection. Do not use a WiFi connection to get to the administrative access. Check the manual, but usually, the Admin interface for a router is at or
  2. Once in, log in with the default admin username and password. Even though you want to change it, you still have to get in the first time.
  3. Depending on your router, the steps to change the administrative username and password will be different. For Arris, this is listed under Login settings:
Change router login password
  1. Change both the username and the password. Write these down and store them in a secure location, like a home safe. Don’t give it to your kids — you know that will end badly.

That’s the first step to securing your WiFi network. But it’s not the last.

#2: Change and Hide your SSID

The SSID is the identity for your secure WiFi network. It’s the name people use to find it and connect to the network, and how to set it apart. It’s also set by default by your router, usually some combination of its serial number like “F27N37552” or, even worse it identifies what kind of router it is like “NetGear001” or the provider with “VerizonBox”.

All of these are bad for different reasons. With the SSID telling the user what kind of network or router is being used makes it easier for hackers to figure out the best way to attack your network.

Stop them by changing the SSID.

Some routers even let you specify multiple networks (more on that in a moment).

Check your manual, but the typical steps are:

  1. Log into your router (you did set up a new username and password from Step 1, right?).
  2. Select your WiFi network.
  3. Change the SSID, and turn off “Broadcast Network Name.”
Change SSID

Save those settings. The WiFi network will still work, it just won’t tell everyone about it. While you’re at it, make sure that the Pre-Shared Key is something unique. Don’t stick with “password” or “mine” or your date of birth. A few words that are easy to remember, but unique to you is best.

Now we’re hidden and people just can’t get in without permission. But there’s still more.

Check your encryption with NetSpot

Powerful advanced tool for multiple Wi-Fi networks Surveys, Analysis and Troubleshooting.

#3: Encrypt to Secure That WiFi Traffic

Most modern routers automatically turn on encryption by default. But — are you sure it’s enabled? Don’t assume it is — check it. It should be at least set to WPA2 — this uses an encryption algorithm called AES. Don’t worry about what that all means — it’s like a series of locks. Under the old system WEP, someone could just keep trying keys until it unlocked the door into your network. Under WPA2, there are millions of keys that have to be tried before there’s even a chance to get in.

The steps for turning this on for your WiFi network will differ with each device, but just like Step 3, take a look at your WiFi network:

  1. Log into your router.
  2. Set Security Mode or Encryption Level to “WPA2” — the most recommended setting is WPA2-PSK.
Set Security Mode

Some routers support an encryption protocol WPA2-AES/TKIP. This is in the event that your system supports WPA2, but not WPA2-AES. This should only be used if you have some older devices around.

Supporting encryption will help keep people from listening into your network when you’re doing things like banking, looking up voting information, or binge-watching the latest episodes of “Pretty Little Liars” (I’m not judging you).

#4: Set Up A Guest Network

Sometimes you’ll have friends or family over. And when they’re with you, they’ll ask the most dreaded question of all: “What do you think about politics?”

Then they’ll ask the second most dreaded question: “What’s your WiFi password?”

Before you start the pitchforks and torches, there is another option: create another WiFi network. Many routers support the ability to specify two networks.

A good idea is to set up a secondary WiFi network, usually called a Guest network. Just for guests. They can have the WiFi password for this network, connect in, and not have central access to the main WiFi network.

Why do it this way? It’s not that you don’t trust your family. Except maybe Aunt Edna, who you are pretty sure stole your My Little Pony DVD collection. But if they have your WiFi SSID and password, if their laptop or tablet is ever compromised, that means a hacker can have it as well and get into your network.

Set up the guest WiFi account — if your router supports it, and here’s a good practice:

  1. Only turn it on when needed. When you don’t have guests over, turn it off.
  2. Change the SSID and WiFi password to the guest network every time it’s turned back on again. This way even if someone has hacked one of your guest’s machines, by the time they get to your network, it’s too late. You have denied them that access.

Setting up a guest network and allowing access only when needed cuts down on the odds of someone breaking into the network.

Check your Encryption using NetSpot

Powerful advanced tool for multiple Wi-Fi networks Surveys, Analysis and Troubleshooting.

#5: Set Up The Firewall

A firewall is a barrier where only traffic that allows comes in or out. Most of the time, the most effective rule for any firewall goes like this.

  1. Rule 1: DO NOT LET ANYONE FROM THE OUTSIDE WORLD CONNECT INSIDE. Usually, this is listed as “Any: DENY.”
  2. Rule 2: Only allow responses to request coming from inside to come inside.

There are other important settings to tweak on the firewall. Another good setting if supported by your router is “Enable Ping Blocking.” Ping Blocking is where a router will respond if someone sends a “ping” to it. Sometimes a hacker will have a program that will continually pink networks to see if they’re active, then start trying to figure out what’s running on it. If your router is set to ignore Ping requests, then it stops people from evening knowing you’re there.

Another setting is to block “fragmented packets.” A packet is a bit of network, containing a header saying where the packet is going and what information it carries. It’s like a letter that computers send each other on the network. The envelope shows where the letter came from and where it’s going to, and inside the letter is the actual information.

But sometimes a hacker will send a fragmented packet. This is a packet that is formed badly on purpose to confuse the router or computers into accepting bad information that they usually would deny. It can trick the computer into granting access because the computer will do it’s best to guess what the fragmented traffic is trying to get to. By denying these, it prevents those issues in the first place:

Set Up The Firewall

#6: Know the Other WiFi Networks

Locking down the network with the five steps listed are a good start to good wireless network security.

Past just locking it down, you should also know what’s out there on the network, and in your building. Sometimes a clever hacker can get into a business and plug in a small WiFi router into the Ethernet network so they can access it from outside the building.

You’re going to want a good network analyzer to find any rogue WiFi networks in your building. Download NetSpot — the free version can show the different networks it detects. If there are networks that are coming on strong or aren’t ones you know about, it can help you find them and shut down.

Netspot Discover mode

Secure your network with a bit of simple locking down of the system, and using NetSpot to find anything that doesn’t belong and turn it off so people can snitch on what your network is doing without your authorization. It’ll grant peace of mind and save a lot of heartaches after.

Check your Encryption using NetSpot

Powerful advanced tool for multiple Wi-Fi networks Surveys, Analysis and Troubleshooting.
Have more questions?
Submit a request or write a couple words.

Read next in All about Wi-Fi

If you want to dive deeper into this Wi-Fi thing, check out the following articles about Wi-Fi security, the best apps for wireless networking, inflight WiFi, etc.
Get NetSpot for Free
Wi-Fi Site Surveys, Analysis, Troubleshooting runs on a MacBook (macOS 10.12+) or any laptop (Windows 7/8/10/11) with a standard 802.11a/b/g/n/ac/ax wireless network adapter.
  • 4.8
  • 969 User reviews
Free WiFi Analyzer
NetSpot for iOS
Heat Maps & Speed Test