How to Secure Your Home Wi-Fi Router in 15 Minutes
Your router is the front door to every device in your home. Set up badly, the weak link isn't your laptop — it's the whole household.
Table of contents
Your router is the one device that touches everything else — phones, laptops, the smart TV, the doorbell camera, the kids' tablets. If someone gets into the router, they don't get into one device; they get a foothold on your whole home network. The good news: most of the risk comes from a handful of default settings, and you can fix them in about 15 minutes.
You don't need to be technical. You'll log into your router's settings page, change a few things, and log out. Below is the order I'd do it in, then a checklist table you can keep.
How to open your router settings
Nearly every router has an admin page you reach through a web browser. On a device connected to your Wi-Fi, type your router's address into the browser bar — commonly 192.168.0.1 or 192.168.1.1. The exact address, plus the default login, is usually printed on a sticker on the router itself.
If you've never logged in before, you'll use the default admin password from that sticker — and changing it is your very first job.
The 15-minute checklist
1. Change the admin password (2 min)
The admin password protects the router's settings, and it's different from your Wi-Fi password. Default logins like admin / password are published in public databases, so an attacker — or a piece of malware already on your network — can simply look yours up. The FTC and NSA both advise changing the default administrator login to something unique. Aim for at least 12 characters; a password manager makes this painless.
2. Turn on WPA3 (or WPA2) encryption (2 min)
Encryption scrambles the traffic flying through the air so neighbours and passers-by can't read it. In your wireless security settings, choose WPA3. If some of your older devices can't connect, pick a mixed WPA2/WPA3 mode rather than dropping back to plain WPA2 for everything. Never use the old WEP option — it's broken. If you only see WEP or WPA, update your firmware (step 4) and check again.
3. Set a strong, separate Wi-Fi password (1 min)
This is the password your devices use to join the network. Make it long and unique — a short passphrase of a few random words works well and is easy to type on a TV remote.
4. Update the router firmware (3 min)
Firmware is the router's built-in software, and manufacturers patch security holes in it over time. Look for a "firmware update" or "router update" button in the settings, or check the manufacturer's website. The FTC notes that updating can even unlock newer encryption like WPA2/WPA3 on older models. If your router offers automatic updates, switch them on.
5. Disable WPS and remote management (2 min)
WPS (Wi-Fi Protected Setup) — the push-button or PIN pairing feature — has known weaknesses, so turn it off. While you're there, disable remote management (sometimes called remote admin or WAN access) unless you genuinely need to reach your router from outside the house; it stops the settings page being exposed to the wider internet.
6. Create a guest network (2 min)
A guest network is a second Wi-Fi name that gives visitors internet access without letting them onto your main network — and without you handing out your real password. The FTC, CISA and NSA all recommend it.
7. Put smart devices on the guest or IoT network (1 min)
Smart TVs, cameras, plugs and speakers are often the least updated, least secure things in the house. The NSA recommends segmenting your network so these devices can't talk directly to your phones and laptops. The simplest version for a home: connect your smart gadgets to the guest (or a dedicated IoT) network, and keep your personal devices on the main one. If one cheap camera is ever compromised, it's quarantined away from your important data.
Quick checklist table
| Setting | What to do | Why it matters |
|---|---|---|
| Admin password | Change from the default | Stops anyone using a published default login |
| Wi-Fi encryption | WPA3, or WPA2/WPA3 mixed | Scrambles your traffic; WEP is broken |
| Wi-Fi password | Long, unique passphrase | Keeps outsiders off your network |
| Firmware | Update; enable auto-update | Patches known security holes |
| WPS | Turn off | Removes a weak pairing shortcut |
| Remote management | Turn off (unless needed) | Hides settings page from the internet |
| Guest network | Turn on | Visitors get internet, not your network |
| Smart devices | Put on guest/IoT network | Isolates the weakest gadgets |
Securing the router vs. running a VPN on it
People often hear "just put a VPN on your router" and assume it replaces everything above. It doesn't, and the two solve different problems.
The steps in this guide secure the router itself — who can log in, how your Wi-Fi is encrypted, which devices can reach each other. A VPN is about your traffic once it leaves your home: it hides your browsing from your internet provider and protects you on untrusted networks like hotel or café Wi-Fi. Running a VPN on the router can route your whole household's traffic through it, which is a reasonable privacy choice — but it is not a substitute for changing the admin password, updating firmware or segmenting your IoT gadgets. A VPN also does nothing to stop phishing, malware or a weak admin login. Secure the router first; treat a VPN as an optional privacy layer on top, not the foundation.
If you spend a lot of time on networks you don't control, this is also worth a read:
Is public Wi-Fi actually safe in 2026?
Bottom line
- Most home-router risk comes from defaults: change the admin password, turn on WPA3/WPA2, and update the firmware.
- Add a guest network and move smart TVs, cameras and plugs onto it so one weak gadget can't reach your laptop.
- A VPN protects your traffic on untrusted networks — useful, but it's a layer on top of a properly configured router, not a replacement for one.
Which do you need first: VPN, antivirus or a password manager?
