Router Security Settings: Wi-Fi and Access Password, WPS, MAC and IP Filtering, Remote Access

Read this article to learn more about Wi-Fi security settings for your router. How to secure a Wi-Fi network from unauthorized access by strangers, and set a password for accessing the Wi-Fi network and the settings panel. How to restrict access to your Wi-Fi network by MAC or IP address filtering.

Router Security Settings: Wi-Fi and Access Password, WPS, MAC and IP Filtering, Remote Access

Many users neglect to configure their network security settings believing that their network is of no interest to anyone. Why would an intruder try to access it?

Unfortunately, this is a false assumption: proper security settings can protect you from identity theft as well as from unintended damage caused by other users of your network. Just out of curiosity, hackers may change something in your settings – which can leave you stranded offline. That is why we recommend checking your security settings right now.

I will show you how to configure router security settings with the example of a popular model, TP-LINK WR841N. However, almost all routers have similar functionality, so this guide will be useful for other devices as well. With the exception of some differences in the menu interface, of course.

Go to view
How to Configure Router Security Settings (Wi Fi Password, WPS, IP and MAC Filtering, Remote Access)

How to Configure Router Security Settings (Wi Fi Password, WPS, IP and MAC Filtering, Remote Access)

Modifying the Login and Password to Access Your Router

The first thing to do is to change the default password protecting access to the router settings. Such password will prevent strangers from gaining unauthorized access to your router. So when you change the default password, no one else will be able to connect to the Internet or modify network settings.

To make changes to the router’s name and password, connect to this device by Wi-Fi or cable, and open a browser to enter its network address.

TP-LINK

The router’s network address is given on a sticker which you can find on the bottom of the device. Usually, it looks like 192.168.1.1 or 192.168.0.1, tplinkwifi.net or tplinklogin.net, etc.

TP-LINK

In this window, type the username and password – by default, they are admin and admin. The default login and password can be found on the same sticker as before.

If you do everything right, the screen will show you the settings menu.

TP-LINK

Go to the tab System Tools and find the Password line.

TP-LINK

You will have to give the previous username and password, and then enter the new data and click Save. That is all – the password for accessing the router has been modified. You have just completed the first goal on the way to configuring security settings. Let’s move on.

Setting a Password for Wi-Fi

The second important step is to set a password for accessing your Wi-Fi network. It will prevent strangers from connecting to this network.

Many people believe this option is unnecessary and so they leave their networks open to anyone. However, by connecting to your network, other users can use torrent clients to download content, or play online games – which eats up the traffic and puts pressure on your router. Talking of the router, it can have various issues, the connection speed will drop, and the overall quality of Internet access will deteriorate.

To change the password, go to the tab Wireless. Look for the line Wireless Security.

TP-LINK

If wireless security is disabled, turn it on. To do it, choose one of the suggested options. For standard situations, the recommended option WPA/WPA2 would be enough.

Type the desired password into the field Wireless Password.

Don’t use simple passwords consisting of eight digits 1 or 0, or digits from 1 to 8. Think about a reliable password having both capital and lowercase letters, digits and special symbols. Write down the new password just in case you may forget it.

Read another article for a very detailed description of other Wi-Fi settings.

Disabling the WPS Function

The third step is to disable the WPS function. This function allows connecting to a wireless network quickly and without a password. In real life, it is rarely used, and as it is too vulnerable to hackers, I recommend disabling it.

To do it, go to the WPS tab (sometimes, you can find it in the Wireless menu) and select Disable WPS.

Wireless

Hiding the Wireless Network Name

Hide your network from the eyes of strangers. There is a special option in the router settings that allows you to hide your network. When you turn it on, other devices will no longer see your Wi-Fi. In order to connect, they will have to give not only the password but also the network name (SSID).

You can enable this function in the wireless network settings by unchecking the box next to Enable SSID Broadcast.

Enable SSID Broadcast

As you do it, other devices won’t be able to see it, and from a Windows 10 computer, you will see a hidden network among other networks. If you try connecting, you will have to enter the network name (SSID) and then the password; only if everything is right, you will be able to connect.

Windows 10. SSID


Windows 10. SSID

From a smartphone, this network is just invisible: in order to connect, you should go to W-Fi settings and create a new network. Give the network name (SSID) and password.

Аndroid. SSID


Аndroid. SSID


Аndroid. SSID

Filtering Devices by MAC Address

The next stage is filtering the devices trying to connect by their MAC addresses.

MAC address is a unique identifier of a device, as every gadget has its own MAC address. In the router settings, you can add MAC addresses of the devices which are allowed to connect to your network. When this function is enabled, only devices which are on this list can connect. Alternatively, you can list the devices for which access should be blocked.

This is a most efficient way to protect your router but it is only suitable for organizations with a specific number of users; for a home network, though, you will have to connect new users by entering the router settings and adding their MAC addresses, which is not too convenient.

To enable this option, open Wireless MAC Filtering which you can find in the Wireless settings tab.

TP-LINK. Wireless MAC Filtering

When you are there, click Enable and check the box next to Deny the stations specified by any enabled entries in the list to access or Allow…, then add MAC addresses of such devices.

To add them, click on Add New.

TP-LINK. Add New

Upgrading the Router’s Firmware

Another important aspect you have to take into account when configuring security settings is making sure your router has the latest firmware. It will fix errors and patch possible vulnerabilities that may give strangers a foot in the door to hack your network.

The function for upgrading the router’s firmware is usually in the menu System Tools / Firmware Upgrade.

Firmware Upgrade.

You can download the latest package from the official website of the router’s manufacturer. In my case, it’s TP-Link. The company’s official website: https://www.tp-link.com.

In the website, go to Support / Download (https://www.tp-link.com/us/support/download/). And find your model on the list.

Firmware Upgrade

Before downloading the firmware, you should verify the hardware version of your device. If you install firmware for a different version, it can damage the device or even make it inoperable. The hardware version is specified on a sticker you can find on the bottom plate of the router.

However, you can choose to install standard, newer or alternative firmware. The only thing that matters is that it should be compatible with your device.

TP-LINK

Choose a file and give the path to the firmware you have downloaded, and then click Upgrade.

Upgrade

After the process is over, the router will reboot automatically.

Webpages for Downloading Firmware for Routers by Other Manufacturers:

Almost all manufacturers let users download firmware for their routers. Usually, the firmware download page can be found in the support section of the company’s website.

Go to view
How to Flash a TP Link or D Link Router, Update Router Firmware

How to Flash a TP Link or D Link Router, Update Router Firmware

Disabling Remote Access

The next thing to configure is remote access. If you have remote access function enabled but you don’t use it – turn it off, because such function lets anyone access your router via the Internet from any other device. In other words, any user knowing your router’s IP address (WAN address) can access its settings.

In order to disable this function, go to the tab Security / Remote Management. Type zeroes in the IP address line. By default, this function is disabled.

Remote Management

To enable remote access available to anyone the IP address should look like this: 255.255.255.255.

Choosing Operation Time

In some models, you can set up an operation schedule. For example, you don’t use the network at night so you don’t want someone else to connect either. This can be done in one of the two ways: by turning the router off (pressing the corresponding button) or setting up the schedule for its work.

To do it, open the tab Access Control, go to Schedule, and click Add New.

Schedule

In this window, you can specify days and time when you want the router to operate, and confirm your choice by clicking Save.

Save

Filtering Devices by IP Address

If you need to restrict Internet access for certain computers within the network, use the ARP function. Binding by ARP protocol is a convenient option to control access for computers within a local network.

To set up this filter, you should assign a static IP to every computer connected to the network.

For a Windows 10 computer, open Settings / Network & Internet / Change adapter options.

Settings / Network & Internet / Change adapter options

Right-click on your network and choose Properties. Then select IPv4 and click on Properties.

Windows. Properties


Windows. IPv4

Check the box next to Use the following IP address and specify it, as well as the subnet mask and default gateway.

To connect the IP address of a computer to a certain MAC address and make sure that other computers don’t use this address, enable ARP Binding function in the router’s settings by visiting the tab IP & MAC Binding.

IP & MAC Binding

After that, create a new entry by clicking on the button Add New, type the МАС and IP addresses, check the box next to Bind and click Save. In the ARP table, you will see all bound devices.

Add New

Now if someone else’s computer (which is not on this list) sends a request to establish connection, access will be denied.

TP-Link

Checking for Strange Devices in the List of Clients Connected to the Router

If you notice that the amount of your traffic has reduced considerably, or you doubt that the router works properly, check it for any odd devices that might be connected.

To do it, open the tab System Tools and go to Statistics. Enable Internet traffic statistics by clicking on the corresponding button.

System Tools

In the table, you can see all connected devices and notice strange connections by their IP addresses.

TP-Link

All the security settings I have shown you today are not obligatory, and everyone is free to use them or not. The paramount task is to ensure the router’s security so that no one can modify its settings and deprive you of your Internet connection. Quite often, the only sufficient measure required is changing the router’s login and password, along with setting a reliable password for the Wi-Fi network.

That is all for now. I hope this guide will be useful. Feel free to leave comments and ask questions.

Vladimir Artiukh

Author: , Technical Writer

Vladimir Artiukh is a technical writer for Hetman Software, as well as the voice and face of their English-speaking YouTube channel, Hetman Software: Data Recovery for Windows. He handles tutorials, how-tos, and detailed reviews on how the company’s tools work with all kinds of data storage devices.

Oleg Afonin

Editor: , Technical Writer

Oleg Afonin is an expert in mobile forensics, data recovery and computer systems. He often attends large data security conferences, and writes several blogs for such resources as xaker.ru, Elcomsoft and Habr. In addition to his online activities, Oleg’s articles are also published in professional magazines. Also, Oleg Afonin is the co-author of a well-known book, Mobile Forensics - Advanced Investigative Strategies.

  • Updated:
  • Evaluations:
  • 12
  • /
  • :

Share

Questions and answers

  • What kind of protection should I enable for my Wi-Fi router?

    Use WPA2/WPA3 - Personal, or WPA2 - Personal with AES encryption. As of today, this one is the best and the safest.

  • Advice for maximum security of your router and home W-Fi network.

    You can take some action to improve the level of security for your router and Wi-Fi network:

    • Update the firmware for your router to the latest version available;
    • Change your administrator’s login;
    • Change the default Wi-Fi network name;
    • Set a reliable Wi-Fi password and enable the best encryption possible;
    • Suggest your visitors to use a guest Wi-Fi network;
    • Set up a new Wi-Fi network for your IoT devices;
    • Disable WPS (Wi-Fi Protected Setup);
    • Change the default administrator’s IP address.
  • How can I learn what security protocol is used by my router?

    The security protocol used by the router can be found in the web interface or in the network security tab of its app. Before buying a new router, it’s a good idea to visit the manufacturer’s website and read about its Wi-Fi security features.

  • What’s the difference between MAC address and IP address?

    MAC address is a unique identifier assigned to a network interface controller (NIC) for use as a network address.

    An IP address is a unique address that identifies a device on the internet or a local network.

    A MAC address denotes the address for managing access to the environment, while an IP address denotes the address of an Internet protocol. MAC address is also known as a hardware, network or physical address. On the other hand, an IP address is also known as logical address, network or Internet protocol address.

  • Why can’t I connect to the router remotely?

    Regardless of the actual manufacturer, most modern routers have their remote administration feature disabled for security reasons.

    When turning it on, make sure you have selected a port different from the default one, so that your connection is much safer now.

Comments (11)

  • Doug Findley
    Doug Findley 25.07.2019 21:46 #
    Are there any additional steps you can take to further enhance the security of your router?
    Reply
    • Hetman Software
      Hetman Software 25.07.2019 22:13 #
      1. Change the default username and password for your router.
      2. Enable WPA2 encryption on your router.
      3. Disable Remote Administration.
      4. Use a firewall to block unwanted incoming traffic.
      5. Regularly update the firmware of your router.
      6. Disable guest networks on your router.
      7. Use a Virtual Private Network (VPN).
      8. Regularly scan your network for vulnerabilities.
      9. Use MAC address filtering to restrict access to your network.
      10. Limit access to your router’s administrative interface to trusted IP addresses.
      Reply
  • Sam Haines
    Sam Haines 25.07.2019 18:47 #
    What are some common mistakes that users make when securing their routers?
    Reply
    • Hetman Software
      Hetman Software 25.07.2019 19:04 #
      1. Not changing the default username and password: Many routers come with a default username and password, which can be easily guessed or found online. It is important to change these as soon as possible.
      2. Not encrypting the wireless network: Without encryption, anyone with a wireless device can access your network. This can lead to data theft and other malicious activities.
      3. Not disabling remote access: By default, many routers have remote access enabled, which can allow hackers to gain access to your router from anywhere in the world.
      4. Not disabling UPnP: UPnP (Universal Plug and Play) allows devices on your network to automatically open ports on your router, potentially allowing malicious traffic to enter your network.
      5. Not enabling a firewall: Firewalls help protect your network from malicious traffic, so it is important to enable one on your router.
      6. Not updating the router firmware: Outdated firmware can contain security vulnerabilities that can be exploited by hackers. It is important to check for updates regularly and install them as soon as possible.
      Reply
  • Theo Harrison
    Theo Harrison 25.07.2019 16:56 #
    What are the risks of allowing remote access to your router?
    Reply
    • Hetman Software
      Hetman Software 25.07.2019 17:18 #
      1. Unauthorized Access: Allowing remote access to your router can make it easier for hackers to gain access to your network.
      2. Data Leakage: If your router is compromised, the hacker may be able to access sensitive data stored on the device.
      3. Malware Infection: Hackers can install malicious software on your router that can infect other devices on your network.
      4. Network Performance Issues: Allowing remote access to your router can lead to performance issues as the hacker may be able to overload your network with traffic.
      5. Security Vulnerabilities: Allowing remote access to your router can expose security vulnerabilities that can be exploited by hackers.
      Reply
  • Martin Farwell
    Martin Farwell 25.07.2019 13:13 #
    What is WPS and how can it be used to secure your Wi-Fi network?
    Reply
    • Hetman Software
      Hetman Software 25.07.2019 13:34 #
      WPS (Wi-Fi Protected Setup) is a feature that allows users to easily connect Wi-Fi enabled devices to a secure wireless network without entering a password. It uses a PIN or button press sequence to authenticate the connection. WPS can be used to secure your Wi-Fi network by enabling encryption and authentication protocols, such as WPA2, which helps protect your network from unauthorized access.
      Reply
  • Sammy Moore
    Sammy Moore 25.07.2019 09:09 #
    What are some common methods used by hackers to gain access to a router?
    Reply
    • Hetman Software
      Hetman Software 25.07.2019 09:37 #
      1. Brute Force Attacks: This involves systematically trying every possible combination of usernames and passwords until the correct one is found.
      2. Exploiting Weak Passwords: Hackers can use automated tools to guess passwords that are weak or commonly used.
      3. Exploiting Vulnerabilities: Hackers can exploit vulnerabilities in the router’s firmware or software to gain access.
      4. Spoofing the MAC Address: Hackers can spoof the MAC address of a trusted device to gain access to the router.
      5. DNS Hijacking: Hackers can hijack a router’s DNS settings to redirect traffic to malicious websites.
      6. Man-in-the-Middle Attacks: Hackers can intercept communications between the router and other devices to gain access.
      Reply
  • Hetman Software: Data Recovery
    Hetman Software: Data Recovery 25.07.2019 08:42 #
    Read about router security settings. If you do have any questions, don't hesitate to contact our technical support service - we will be happy to help you.
    Reply
Post comment
User
Leave a reply
Your email address will not be published. Required fields are marked *

Recommended For You
This website uses cookies to improve your experience. Description
Hello! This is AI-based Hetman Software virtual assistant, and it will answer any of your questions right away.
Start Chat