First things first, try to recall the last time you actually logged into your router. Scratching your head already? Well, you’re not alone and that, for starters, is a situation worth looking into. The thing is, when every router ships, it does so with a generic username and password, that can be easily found online. Yet, security surveys show most people don’t even care to change them. That means attackers don’t even need to be clever to connect to your Wi-Fi. All they need to do is try the generic defaults and see what happens. This explains why the FTC recommends changing both the Wi-Fi network password and the router admin password to something unique, and avoiding anything that ties back to your name, address, or the router’s brand. And in case you’re wondering, yes, those are two separate passwords, and both need to change.
Once you’re in, check your encryption setting. The current standard is WPA3, which employs a stronger authentication method that makes offline password cracking attacks significantly harder than WPA2, a much older approach. WPA2 is still acceptable, don’t get it wrong, particularly if that’s all your router supports. Even so, if the only options listed are WPA or WEP, you’re looking at security standards belonging to the early 2000s, making you vulnerable to attacks.
Also, while in there, turn off WPS (Wi-Fi Protected Setup), UPnP (Universal Plug and Play), and pretty much any other convenience feature like remote management. Why? Simple, they are all easy to crack.
Update the firmware, and know when the router itself has to go
We can all agree that firmware updates aren’t fun. And that’s fine. But neither is having your router quietly plugged into a criminal botnet while you stream your favorite TV shows. Does that really happen? Yes! In early 2026, the FBI flagged 18 router models involved in a large malware operation, where the attackers took advantage of known vulnerabilities to fold devices into botnets used for malicious activity. And the sad part? Many of these vulnerabilities are known, and hence avoidable.
Luckily with most modern routers, it’s possible to handle updates automatically, either through the admin panel or a companion app. Whichever yours supports, turn it on and forget about it. If it doesn’t, checking manually every quarter should do. Either way, the FBIs guidance on end-of-life routers is worth sitting with: The moment a manufacturer stops issuing updates, any loophole discovered from that point going forward stays open forever. And with that in mind, if your router is pushing, say, seven or eight years now, and you can’t even remember the last time you heard anything from your manufacturer, it’s probably time to move on.
One more thing to verify while you’re in the settings is whether your router’s built-in firewall is actually switched on. Chances are your router has one, but it may not be enabled out of the box. The FTC specifically calls it out as a step worth taking when securing your home network.
A guest network does more than just help your houseguests
It’s safe to say the name is a bit misleading. Sure, a guest network comes in handy when your influencer-wannabe cousin visits and asks for a password to connect to your Wi-Fi. But what’s even more important is that it keeps your smart home devices off your main network entirely. Gadgets like your phone and laptop connect to the primary network. On the other hand, your smart TV, security camera, voice assistant, robot vacuum that definitely doesn’t need access to your banking apps or file servers: all those go on the guest network, in that if one gets compromised, it’s stuck in its own lane that has nothing to do with your key devices.
Some might see this as paranoia, and one may wish they were right. In mid-2025, the FBI warned that compromised IoT devices were being used as entry points for botnet activity, with some devices being sold through major online retailers arriving with pre-installed malware. No kidding. Some of those devices were bad news straight out of the box, and connecting them directly to your main network is simply forging a path for an attacker to reach everything else.
The good news is, most modern routers have a guest network option sitting right in the admin panel or app. You just need to give it a separate name and password, move your smart home devices over, and you’re done. Easy peasy.