Change the Defaults
Most of what we talk about below will be addressing this because the default settings on a router are simply not enough to build a secure network.
Something really important to understand is that routers ship with a default password in place, and depending on whether the router was used, yours might even also have old security protocols enabled and random network ports open.
Start by changing the default password to something really secure. There are plenty of examples of strong passwords that you can use to create your own router password.
If your router requires a username, change that, too. This is usually admin or administrator by default, so you want to change it to something really unique. If it helps, consider the username another password; a hacker will need both to connect to your router, so changing both of them will make your router more secure.
How to Make a Unique Username
While you're in these settings, you may as well change the default gateway address, too. Some common standard private IP addresses used for routers include 192.168.1.1, 192.168.0.1, and 10.0.0.1. Make yours completely different so that an attacker has no head start into your network.
If your router isn't new but was instead used by someone else before you, don't make any changes just yet. Start with a clean slate by resetting the entire router to factory default settings. This will clear any and all customization made by the previous owner, including any poor security choices they may have made.
Make a Unique Wi-Fi Password
Believe it or not, most routers let you make a Wi-Fi network without requiring a password. This means that literally anyone close enough to your house can steal your Wi-Fi and potentially access the files on your computer.
Changing the Wi-Fi password is pretty easy. To do it, you just need to access the admin settings on your router, which you already know how to do if you completed the router password tip above.
Your Wi-Fi password, like the router password, should be really hard to guess. It's definitely tempting to make it super simple so that when you share it with friends, you aren't fumbling through papers to find a 40-character password you set it as, but really...this is important.
If someone has access to your Wi-Fi password, they'll have the same access you do, meaning that they can also share and view files on the network. For a malicious hacker, this could mean spreading viruses and stealing important documents from your shared folders.
Try to your best to make the Wi-Fi password really long. Particularly, 25 characters or more. As much as it may pain you to enter a 30, 40, or 50-character password on each wireless device, you only have to do it once per device to make the password stick indefinitely.
The reason for this is simple: software that hackers use to attack wireless networks have limitations, namely length and complexity limitations. In other words, if you can make your password super long and complex, there's basically no chance that someone can use auto-hacking tools (or guessing techniques) to figure out your Wi-Fi password.
Use the Correct Wi-Fi Encryption
Encryption can be confusing, but the takeaway here is to enable the strongest encryption your router supports. For most people, this means WPA2. If your router only supports WEP, it's time to buy a new router.
How to Understand WEP, WPA, and WPA2
You can enable WPA2 or any other form of encryption by accessing the router's admin settings, just like you did for the password changes above.
Stop Showing the SSID
The SSID is the name of the Wi-Fi network. When it's showing, it's easy to connect to it because anyone with a wireless device can find it — be it you, your friends, family, etc.
When you stop broadcasting the SSID, it will make it harder for your friends to connect but it makes it equally more difficult for hackers to find because they can't just stop by and notice that your network is up and running.
A hidden SSID is useful but isn't a surefire way to stop an attacker. They can use data capturing programs to "sniff out" the packets coming from your network to find the SSID. However, the average Joe who maybe isn't so keen on security software will definitely have a harder time getting in.
If you're not interested in disabling the SSID from broadcasting from the router, at least change the default SSID. Hackers can use easily attainable lists of the most common SSIDs and generate password cracking rainbow tables to make breaking in that much easier. Change the SSID and you're immediately thwarting those types of hacking attempts.
Block Devices by Their Hardware
If an attacker still managers to gain access past your secure Wi-Fi password, strong encryption, and hidden SSID, you'll probably stump them here. To block devices by their hardware, set up MAC address filtering.
When you enable MAC address filtering, you create a list of allowed devices, and anything not on that list is denied access to your network. You can think of it like another password that only authenticates a user if their network adapter matches the list of devices you've explicitly said can get on your Wi-Fi.
Is it bulletproof? Of course not; nothing really is. However, it's very effective for preventing most people from getting on your network. To bypass this, they'd have to know which MAC addresses you're allowing and then fake their hardware address to pretend to be an approved device.
Limit How Many IP Addresses Can Be Used
It's hard enough to reach your network with all of the above practices intact, but for extra security, consider limiting how many devices can receive an IP address on your network. No IP = no network access.
The best way to do this is to limit the scope of the DHCP pool, which is the number of addresses the router can dispense to devices that request one. If you have only three devices that ever need internet access on your network, make that limit three.
The moment anyone else tries to connect, DHCP won't have any room left to offer an address.
A DHCP scope limitation is something you can access in the router settings. There's probably not a "limit" option so instead, just make the DHCP pool number really small, preferably the same number as your device count (but no less!).
For example, if you only ever have a game console, laptop, and phone connected, make it three.
If you enable this Wi-Fi security tip, make sure you realize exactly what it's doing. If you set a limit of just four, for example, and your two computers, tablet, and phone are always connected, then the moment a friend tries to use Wi-Fi, they'll be turned away automatically.
Use a VPN Through the Router
VPNs are virtual private networks, essentially encrypted tunnels that all the router traffic can flow through before reaching the internet. Wi-Fi hackers will have quite a hard time figuring out what you're doing if they can't read the data.
There are tons of VPN service providers you can pick from, but not all of them let you use the VPN at the router level — most work from the end-user device, like your computer or phone.
The goal here is to find either a VPN service that lets you enter the server information into the router settings or a device that supports VPNs out of the box.