IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Secure your Wi-Fi against hackers in 10 steps

Lock down your Wi-Fi network and find devices that are stealing your bandwidth – and, potentially, your data

The days of worrying about your data allowance are largely a thing of the past, courtesy of faster broadband speeds and generous tariffs. But that doesn't mean you should forget about who's using your Wi-Fi. Whether you're a home or small-business user, identifying who and what is on your network is as important as ever.

An unauthorised user could be streaming pirated movies, hogging your bandwidth and, potentially, landing you in a spot of legal bother. They could be indulging in more nefarious activity, maybe even trying to hack into your systems. This shouldn't come as any great surprise when research commissioned in 2018 by Broadband Genie showed 54% of British broadband users were concerned about someone hacking their router, yet only 19% had accessed the Wi-Fi router configuration controls, and a measly 17% had changed the admin password from the default.

Avast also scanned over 4.3 million routers at the time and found 48% had some sort of vulnerability. Thankfully, there are plenty of tools and tricks to identify who's on your connection and how to get rid of them.

1. Change the admin password

If you want to know what your wireless network is up to, you'll need to roll up your sleeves and head straight for the admin gateway of your router: BT will usually default to; Sky users should try; and all TalkTalk routers have an internal IP of If you've swapped out the supplied router for one of your own preference, Google is your friend.

Alternatively, you can head over to most makes and models are listed there, complete with login details. And if that doesn't convince you to change your router from the default settings, nothing will...

Default login settings should only be used to get up and running out of the box, after which you should change the password to something long and complex, and change the username if your router allows it. Long and random is great passkey advice, which is almost always ignored on the basis that people want to join the Wi-Fi network without any hassle. Well, duh! Ask yourself this: how often does any user actually have to enter the Wi-Fi password manually? Certainly within the home, and for many small-business scenarios, the answer is usually hardly ever after the initial setup.

A key that's over 20 characters long, with a randomly generated mix of upper and lower-case alpha-numericals, with special characters, is your best bet. LastPass' tool is excellent for producing randomly generated and secure passwords.

2. Don't broadcast your router details

While you're in your router settings, you should change your service set identifier (SSID). This is the name of your network that the outside world sees; it commonly defaults to the router manufacturer's name. In light of how easy it is to find admin logins online, best not make the hackers life any easier than it already is. A determined hacker isn't going to be prevented from detecting and accessing your network simply because there's no SSID being broadcast, but using a random name rather than the factory default makes sense. Not least as it suggests the user is more security savvy than someone who is still broadcasting the router manufacturer.

3. Disable Wi-Fi-protected setup (wps)

Either by entering a PIN number of simply pressing a button, Wi-Fi-Protected Setup (WPS) may establish encrypted ties between your network and a device that supports the protocol. Disabling this function may not seem like a great idea on paper, but the mechanism WPS relies on is fundamentally broken. 

WPS, on paper, makes use of an eight-digit passcode, although the eighth digit is always a check digit, so the PIN is reduced to seven numbers, which makes attacks such as brute-force attempts far easier. To make matters worse, most routers don't allow for a cooling off period between attempts to crack the WPS code. If that doesn't worry you enough, the first four digits of the PIN are normally always a sequence, as are the final three, meaning the grand total of possible combinations is just roughly 11,000 - having been reduced from ten million. As such, a number of simple pen-testing tools such as Reaver are able to brute-force WPS PIN codes in no time at all.

4. Update your firmware

Alarmingly, only 14% of British broadband users have updated their router's firmware, according to the aforementioned Broadband Genie research. We're surprised this figure is as high as it is, in all honesty, and if you're among the 86% who haven't updated the system software, then we'd encourage you to do so as soon as possible. Doing so is guaranteed to boost your network security, and at no extra cost in terms of money or time. This, ironically, is a crucial step the majority of people fail to commit to.   

As for why this is the case, the mindset among many in homes and small businesses may be one that isn't compatible with the idea of regular 'patch management'. Updating Windows 10 may be one thing, and most of us are used to waiting for Microsoft's flagship OS to upgrade itself at a moment's notice, but translating this practice to all devices and software may be another challenge entirely. While most routers may well have an automatic update toggle, a firmware upgrade may revert this to a default setting where this is disabled, so it's crucial to check whether this applies to your router after each update.

5. Try a different DNS server

Just as you can install an alternative to the firmware that runs your router, you can choose a different Domain Name System (DNS) server instead of the ISP default. There may come a time when the DNS servers used by your ISP come under attack, by a distributed denial-of-service (DDoS) attack, for example, or someone changing the DNS to effect a cloned banking fraud. The bigger ISPs are a target for this since the consequences of hacking their DNS servers would be enormous.

We've seen the DNS servers of the larger providers suffer downtime, so having a backup and knowing how to flick the switch is useful. The most common choice will be Google Public DNS server (on and for the IPv4 service) or OpenDNS (on and

Essentially, though, open your router admin panel and look for the Domain Name Server addresses configuration page; input a primary and secondary DNS IP. Some routers will have a third server option, and for OpenDNS this would be And that's it, other than to test it's working by hitting the Test button on the OpenDNS guide pages.

Certain providers prevent you from adjusting the DNS server addresses in their own-brand routers, but you can still set individual computers to seek alternate servers.

Featured Resources

The Total Economic Impact™ Of Turbonomic Application Resource Management for IBM Cloud® Paks

Business benefits and cost savings enabled by IBM Turbonomic Application Resource Management

Free Download

The Total Economic Impact™ of IBM Watson Assistant

Cost savings and business benefits enabled by Watson Assistant

Free Download

The field guide to application modernisation

Moving forward with your enterprise application portfolio

Free Download

AI for customer service

Discover the industry-leading AI platform that customers and employees want to use

Free Download


What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

17 Aug 2022
Machine learning vs AI vs NLP
Business strategy

Machine learning vs AI vs NLP

8 Jul 2022
A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

16 Jun 2022
World’s biggest four-day working week trial kicks off in UK
flexible working

World’s biggest four-day working week trial kicks off in UK

6 Jun 2022

Most Popular

Apple patches 'superpower' zero-days affecting iPhones, iPads, and Macs
zero-day exploit

Apple patches 'superpower' zero-days affecting iPhones, iPads, and Macs

18 Aug 2022
Why convenience is the biggest threat to your security

Why convenience is the biggest threat to your security

8 Aug 2022
The benefits of a hardware update for SMBs

The benefits of a hardware update for SMBs

2 Aug 2022