How to protect your wireless router

neil hawkins
By Neil Hawkins

wireless router

SO THE adverts promised superfast speeds at all times of the day and night, and for a while that new broadband was living up to the promises.

But now connecting via wi-fi is like wading through syrup, and a speed test reveals that for some reason we're only getting 4Mb. What's going wrong?

It could be that our wireless broadband connection is being "piggybacked" - or to put it bluntly, hacked.

Even more worryingly, plenty of us are sharing our wireless signal with unwelcome guests without seeing the telltale drop in speeds we used in the example above.

But if it's not affecting our wi-fi network's performance, should we worry?

The answer is yes. "Many of us have a cavalier attitude to wi-fi use", says Michael Lynch, an identity fraud expert from CPP."Any information people volunteer through public networks can easily be visible to hackers."

So how to protect our connection and our personal data? Read on.

1. Password protect the router

Many people don't bother to change any of the preset passwords supplied with their broadband router, which leaves them open to being accessed by pretty much anyone who knows where to look online.

The first one we need to change is the router password. This is different from - and potentially more important than - the password we use to log onto the wi-fi network via our computers and phones.

It's vital that we change this password - if there's one set up at all - because every router sold or provided to us comes with a generic password that can easily be found online.

Anyone who gets access has the ability to fiddle with the rest of its settings, including changing the wi-fi password - also known as the network key - and effectively locking us out of our own wireless network.

To change the router password, check for a sticker or panel on the back of the router that includes the network key: some ISPs include the router or admin address (http://192.168.x.x or similar) and the password on this label.

Navigate to this address in a computer browser and log in using the details provided, then look for the option to change the password to something more difficult and unique - and keep a note of the new password somewhere safe.

Change the router password
...on a BT hub
...of a Plusnet router
...with a Sky hub
...if it's from TalkTalk
...or one of Virgin Media's

We've included links to the instructions on how to do this for each of the UK's biggest ISPs in the box to the right.

It's also worth looking to see if there's an option to restrict admin access to the router to connections made via Ethernet cable - so that once secured, only those with physical access to the router can change these settings.

Once we've changed the router password, stay logged into the screen to carry out the next few security checks.

2. Password protect the network

The next step is to change the network key - the more familiar password we type into every device when first connecting to the wireless network - and make sure the network is encrypted to a decent standard.

There should be a "security" tab or menu, showing the various options for encryption - do not choose "none". If there's a choice between WEP or WPA, go for WPA, and ideally WPA2.


With WEP protection, the wireless router generates a 10 or 26 (64 bit or 128 bit) character sequence of random letters and numbers which becomes the password for anyone wanting access to the network.

This was all well and good until someone worked out how to hack it - have a quick search on Google for "How to hack WEP encryption" to see just how insecure it is as an encryption method.

Most of the newest routers should feature WPA2 encryption - often called WPA2-PSK - but if that's not an option, use WPA Personal. If there's a choice between WPA2 [AES] or WPA2 [TKIP], choose the [AES] option.

One of the strengths of WPA2 encryption is that it gets us to set our own password - which we should make as difficult as we can, thus helping to ensure that only the people we tell the password can log on.

As we should be using unique and difficult to remember passwords for every account we have, it's worth using a password manager to generate the new network key, even if we then have to write it down and tuck it under the router for future reference.

Also make an effort to change this password frequently, even if it does feel like a pain having to update the details on every device in the house.

3. Change the SSID

After this, but before we start trying to connect our phones, smart TVs, printers and other devices using these new credentials, it's worth taking a little more time to change and possibly hide the network's SSID.

This is the name that comes up when we scan for available wireless networks to connect to, and most include more or less detail about the ISP and router model broadcasting the signal - run a scan and note how many start with "TALKTALK", "Sky" or "BTHub".

That gives hackers and other unwanted guests a place to start when checking if we're using default passwords (see step 1) - so change it to something less revealing.

Given how many devices most of us have connected to our home wireless network, it's often not practical to hide the SSID - but doing so means the neighbours and any casual chancers won't see it on their list of networks when they're looking for a connection.

4. Switch off WPS

Wi-fi Protected Setup, or WPS, is really useful for connecting new devices to a wireless network quickly and easily - simply select the WPS option on the device, then push a button on the router, and lo, access is granted.

It works by synchronising with - and granting access to - any devices in the surrounding area that are primed to receive WPS data.

While the obvious risk would seem to be from people hanging around our router to try to take advantage of these mini broadcasts, WPS can also be cracked fairly swiftly by hackers once they know just a few basic details about the router setup.

Once they've cracked the WPS, they can go on to access our other security details much more easily - so if in doubt, switch it off.

5. Build the great firewall of China

Finally, it's vital to protect broadband connections from virtual intruders as well as those physically near us.

Almost all routers have a built in hardware firewall which is a far more robust defence than any software firewall.

This will prevent any unwanted attention from hackers and any unauthorised traffic attempting to connect to our computer from the Internet.

The instructions will be in the router manual, or on the ISP's router help pages - but it may be as simple as looking in the router admin settings (see step 1) for the security option saying something like "SPI firewall" or "NAT firewall", clicking enable, and then saving and applying that change.

Remember, however, that a firewall on its own doesn't protect against viruses so always have anti-virus software installed and up to date.

Check our guide to online safety for more information on the security packages offered by all the major broadband providers.

Windows users can also easily switch on the Windows firewall to protect the incoming and outgoing traffic on their computer.