Most home networks are far less secure than their owners realize. Default router passwords, outdated firmware, and open guest networks create vulnerabilities that attackers — and even neighbors — can exploit. The good news: fixing the most critical weaknesses takes less than 20 minutes and requires no technical background. Here are the ten most impactful changes you can make today.

1. Change Your Router's Admin Login

Every router ships with a default admin username and password — often something as embarrassing as "admin" / "admin" or "admin" / "password." These credentials are publicly documented for every router model. Anyone on your local network (or any attacker who gets on it) can log in to your router and take full control. Change both the username and password to something strong and unique as soon as you set up a new router.

To access your router admin panel, type your router's IP address into a browser — usually 192.168.1.1 or 192.168.0.1. The address is also printed on the router's label.

2. Use WPA3 (or WPA2-AES) Encryption

Wi-Fi encryption prevents nearby devices from intercepting your traffic. WPA3 is the current standard and is supported by most routers and devices from the last three years. If your router is older, WPA2-AES (sometimes shown as WPA2 Personal) is acceptable — but avoid WPA (the original) or WEP, which are trivially crackable. Check your router's wireless settings and confirm you're using the strongest encryption available.

3. Disable WPS

Wi-Fi Protected Setup (WPS) is a convenience feature that lets you connect devices by pressing a button or entering an 8-digit PIN — but its PIN mode has a well-known vulnerability that allows attackers to brute-force the PIN and gain access to your network in under 24 hours. Disable WPS in your router's wireless settings. You'll still be able to connect devices normally using your Wi-Fi password.

⚠️ Important

WPS is enabled by default on most routers. Even if you never use it, it's an open attack surface. Disable it under your router's wireless or security settings.

4. Create a Separate Guest Network

When a friend asks for your Wi-Fi password, they get access to your entire local network — including your printers, NAS drives, smart home devices, and any PC shares. A guest network places visitors (and their devices) on an isolated segment that can reach the internet but not your private devices. Enable it in your router settings and give it a different password from your main network.

Also put your IoT devices on the guest network: smart TVs, thermostats, cameras, doorbells. IoT firmware is frequently unpatched and these devices are common attack vectors.

5. Enable Your Router's Firewall

Most routers have a built-in SPI (Stateful Packet Inspection) firewall that blocks unsolicited incoming traffic. It's usually on by default, but verify in your router's security settings. Don't rely on it as your only defense, but it adds a meaningful layer of protection against automated internet-wide scans looking for vulnerable devices.

6. Keep Router Firmware Updated

Router manufacturers regularly release firmware updates that patch security vulnerabilities. Many home users buy a router and never update it — leaving it vulnerable to exploits that were patched years ago. Log in to your router admin panel and check for firmware updates. Some newer routers (Eero, Netgear Orbi, Google Wifi) auto-update. If yours doesn't, check manually every few months.

7. Use DNS Filtering

Switching your router's DNS server to a filtering service like Cloudflare for Families (1.1.1.3) or OpenDNS Family Shield (208.67.222.123) blocks known malware, phishing sites, and ad-tracking infrastructure at the network level — before any device even makes a connection. This protects every device on your network, including phones, tablets, and smart TVs, without installing anything on the devices themselves.

Set this in your router's DNS settings under WAN or DHCP configuration.

8. Put Smart Home Devices on Their Own Network

Smart TVs, video doorbells, baby monitors, and other IoT devices are notorious for having poor security — outdated software, weak default passwords, and sometimes deliberate backdoors. Isolating them on your guest network (or a separate IoT VLAN if your router supports it) means that if a smart device is compromised, the attacker can't easily pivot to your computers or NAS drives.

9. Consider a Router-Level VPN

A VPN encrypts all traffic leaving your network before it reaches your ISP. This prevents your internet provider from logging your browsing activity and protects against certain man-in-the-middle attacks. Some routers support OpenVPN natively — services like Mullvad, ProtonVPN, and NordVPN provide router configuration guides. Alternatively, a dedicated VPN router like an Asus running Merlin firmware gives you fine-grained control.

Note that a VPN doesn't make you anonymous — it shifts trust from your ISP to your VPN provider. Choose a provider with a verified no-logs policy.

10. Monitor Connected Devices

Log in to your router admin panel periodically and review the list of connected devices. Any device you don't recognize is a problem — either an unauthorized user is on your network, or a device you forgot about is still active. Most routers show this under a "DHCP Client List," "Connected Devices," or similar menu. Give your devices recognizable names (hostnames) so you can spot anything unfamiliar at a glance.

✅ Bonus Tip

Enable your router's access log if it supports it. Seeing what domains are being queried and when can reveal compromised devices, family members visiting problematic sites, or unauthorized users on your network.

Want a professional network security assessment?

Ray's Custom Computers performs home and small business network audits across Tennessee, Alabama, and California — identifying vulnerabilities and configuring your network for security and performance.


Published by Ray's Custom Computers — serving Fayetteville, TN, Huntsville, AL, and McKinleyville, CA since 1996. Questions? Contact us or call (931) 557-6104.