Key takeaways
- The Wi-Fi password and the router administrator password protect different things and should both be unique.
- Use WPA3 or WPA2, current firmware, a firewall, and a guest network where supported.
- Document the configuration and recovery method before disabling old features or resetting equipment.
Inventory the network before changing it
Record the router and modem model, internet provider, administrator address, current update status, and devices connected. Include cameras, printers, TVs, speakers, appliances, hubs, work devices, and equipment that only appears when active.
Photograph cable locations and save provider support details. A reset made without knowing the internet connection type, provider credentials, or mesh layout can create a long outage and lead to insecure temporary settings.
Protect the two control planes
The network password lets a device join Wi-Fi. The administrator password changes the router itself. Use different, long, unique passwords and change default administrator credentials and a network name that reveals a family, address, or router model.
The FTC home Wi-Fi guide recommends WPA3 Personal or WPA2 Personal encryption. WEP and old WPA are outdated; if updates do not add a supported option, plan to replace the equipment.
Reduce unnecessary exposure
- Install current router firmware and enable automatic updates when the vendor supports them reliably.
- Turn on the router firewall.
- Disable remote administration unless there is a specific secured need.
- Disable WPS and UPnP unless a documented device requirement outweighs the risk and alternatives are unavailable.
- Log out of the administrator interface and do not expose it through a browser bookmark shared with guests.
Segment by trust and support life
Isolation features differ. Test whether devices that need local discovery still work and whether guest clients can reach router administration or one another.
| Network | Typical use |
|---|---|
| Primary | Current computers, phones, and trusted devices |
| Guest | Visitors without access to household devices |
| IoT or isolated | Cameras, appliances, and devices with limited support, if router supports isolation |
| Work | Only if employer policy and equipment support a separate segment |
Run a quarterly network check
- 1
Review connected clients and investigate unknown names by hardware address and timing.
- 2
Check router and device update status and remove products no longer receiving security support.
- 3
Review administrator accounts, remote features, port forwarding, DNS settings, and guest access.
- 4
Back up the configuration if the vendor’s backup does not expose secrets insecurely.
- 5
The FTC connected-device guidance recommends changing device defaults, using two-factor authentication, and reviewing connected devices.
Evidence record
Sources and methodology
We used primary public sources for the factual framework, then wrote and structured this guide independently. Links are checked during editorial review and when a guide is substantively updated.
- How to Secure Your Home Wi-Fi NetworkFederal Trade Commission · Used for: Encryption, router settings, updates, firewall, and guest network
- Securing Your Internet-Connected Devices at HomeFederal Trade Commission · Used for: Device inventory, defaults, and two-factor authentication
This article is general educational information, not individualized financial, medical, legal, tax, cybersecurity, construction, or career advice.