I love setting Wi-Fi passwords because I like making them miserable to guess. I will happily mix words, numbers, symbols, and whatever odd little phrase makes sense only to me, then feel satisfied that nobody is brute-forcing their way onto my network. A strong password absolutely matters, but it is also the easiest part of home network security to overestimate.

Your router does much more than hand out Wi-Fi. It decides who can join, how devices communicate with it, whether legacy security modes are still allowed, whether external access is possible, and whether your smart TV receives the same level of trust as your laptop. Router menus vary wildly by brand, and mesh systems often hide the interesting parts inside phone apps, but these are the settings I would check before congratulating myself on a clever Wi-Fi password.

Change the router admin login, not just the Wi-Fi password

The admin password is not the same as the Wi-Fi password

The Wi-Fi password controls who can join your network. The router admin login controls who can change the network. Those are not the same thing, even if many people mentally file them under “the router password” and move on. The admin account is the control room. It can rename your network, change the Wi-Fi password, update firmware, enable remote access, adjust DNS settings, open ports, and sometimes see every device connected to the router. If someone has the Wi-Fi password, they can use your connection. If someone has the router admin password, they may be able to rewrite the rules of the whole network.

Broadband Genie’s 2025 survey of 3,242 internet users found that 81% had never changed their router administrator password, and 69% had never changed their router’s Wi-Fi password. That is not a niche oversight. Websites like routerpasswords.com maintain community-driven databases cataloging default usernames and passwords for virtually every router manufacturer. You can visit, select a brand from a dropdown menu, and instantly see the default credentials. However, regional consumer laws like the UK’s PSTI Act are starting to fix this by banning universal default passwords on newly manufactured hardware.

Log in to your router’s admin panel — usually 192.168.0.1 or 192.168.1.1 in a browser — though mesh systems like Google, Amazon, Eero, Netgear, and TP-Link Deco route this through a smartphone app. Find the admin account settings, change both the username (where the interface allows it) and the password, and make the password unique rather than a recycled one from elsewhere. If your router is managed entirely through a cloud-linked app, that app’s login is effectively the new admin password, so treat it accordingly. Also, check whether remote admin access is enabled. If you have no reason to configure your router from a café, turn it off.

Use WPA3 if your router gives you the option

Old modes age badly

Credit: Brady Snyder / MakeUseOf

Your router’s encryption setting protects the wireless link between your devices and the router. That is the part someone nearby can try to attack because your network broadcasts over the air. HTTPS still matters for the websites and services you use, but your Wi-Fi security mode decides how well the local wireless connection is protected.

WPA3 is the current Wi-Fi security standard and is the option I would choose first if my router and devices support it. Its biggest improvement for home users is SAE, a stronger authentication method that makes offline password-cracking attacks much harder than they were under WPA2-Personal. In simple terms, someone should not be able to capture your Wi-Fi handshake, leave, and casually grind away at your password later.

WPA2 is not useless, especially with a strong password and AES encryption, but older modes like WEP and plain WPA should be treated as museum pieces. If your router is still using either one, the password is no longer the main problem. The security mode is.

Open your router’s wireless settings and look for the security or encryption dropdown. Pick WPA3-Personal if it is available. If that causes older devices to drop off, WPA2/WPA3 transitional mode is a reasonable compromise because newer hardware can use WPA3 while legacy devices fall back to WPA2. If WPA3 is not available, use WPA2-Personal with AES. Avoid TKIP and WEP, and be suspicious of any router that still presents old security modes as normal choices in 2026.

A working router can still be an unsupported router

The router on your shelf is not Immune just because it works

A router can reliably forward your Netflix traffic while running firmware with three years’ worth of unpatched vulnerabilities. The two things are entirely unrelated, which is exactly why old routers are among the most neglected devices that need regular firmware updates.

Most people only think about replacing a router when the Wi-Fi gets slow or the signal starts misbehaving. Security support is subtler. When a router reaches the end of its life, the manufacturer stops releasing firmware updates and security patches. Any serious vulnerability discovered after that point may never be fixed, even if the router still looks fine on a shelf and still gets every phone in the house online.

This is not theoretical. In May 2025, the FBI warned that end-of-life routers were being targeted by cybercriminal services using malware that affected older devices, turning them into proxies for hiding malicious activity. That is the unpleasant reality of unsupported networking gear: your router can become useful to someone else without giving you an obvious warning.

For routers still under support, check the admin panel for a firmware or software update section, usually under Administration, Advanced, System, or Maintenance. Enable automatic updates if the option exists. Many modern routers and mesh systems already support app-based or automatic updating, but I would still check rather than assume. If your router model hasn’t received firmware updates in a couple of years, check the manufacturer’s support page for its status. “Still works” is not the same as “still supported.” If it is officially end-of-life, replacement is the cleanest fix.

Turn off the convenience features you do not use

Shut the spare doors

Some router features were designed for ease first and security second, which is a primary reason you might decide to disable UPnP and WPS on your router.

WPS (Wi-Fi Protected Setup) is designed to make joining a network easier by allowing you to press a button or enter a short PIN instead of typing the full Wi-Fi password. The button method is less troubling than the PIN method, but I still do not like leaving WPS enabled when I do not need it. The PIN approach has had security problems for years, and NetRise’s 2025 research found that Pixie Dust, a WPS-related exploit first disclosed in 2014, still affected consumer and small-business networking equipment. In its analysis of 24 devices across six vendors, only four had ever been patched.

That is enough for me. I do not care how convenient WPS is if I only use it once every few years. So, I turned it off in the wireless settings and now type the password manually.

UPnP, or Universal Plug and Play, is more complicated because it can be genuinely useful. It lets devices on your network automatically open ports on your router, helping game consoles, media servers, and smart home hubs avoid manual configuration. The problem is that malware inside your network can abuse that same convenience. A device that can ask the router to open a path to the outside world is not a device I want to trust unquestioningly.

If you are not sure you need UPnP, turn it off. If something breaks, you can decide whether to re-enable it or create a dedicated manual port-forwarding rule instead. While you are in that part of the settings, review any existing port-forwarding rules and remove any entries you no longer recognize. Router settings have a way of accumulating leftovers from experiments you forgot you ever ran.

Put smart home gear somewhere it can do less damage

Separate guests and smart devices before they become everyone’s problem

Credit: Bryan M. Wolfe / MakeUseOf

Every device on the same network can, in principle, talk to every other device. That is convenient when everything is trustworthy. It is less charming when your laptop, phone, NAS, smart TV, camera, bargain smart bulb, and mystery-brand plug are all sitting in the same room.

Smart home devices are not automatically dangerous, but they often have weaker update habits than phones and laptops. Some get updates for years. Some get one update and then drift into firmware purgatory. If one of those devices is compromised, I would rather it not have a direct route to the machines where I keep my files, accounts, and work, which is where setting up a guest network helps. Most modern routers let you create a separate Wi-Fi network with its own name and password. In many setups, devices on the guest network can reach the internet but cannot freely poke around your main network. That makes it a useful place for smart TVs, cameras, speakers, plugs, bulbs, and other devices that do not need access to your laptop.

Printers are the awkward exception. Moving a printer to a guest network can make local discovery annoying, so I would only do that if your router supports the setup cleanly or if you are comfortable troubleshooting printing later.

Also, look for a client isolation setting. On some routers, guest networks still allow guest devices to communicate with each other unless isolation is enabled. Turning that on can limit how much trouble a compromised device can cause to other devices on the same guest network.

None of this takes long, so go over these settings

A strong Wi-Fi password is still worth having, and I will continue to make mine hard to guess. But it is only one layer of the setup. Good that none of the settings I listed above require anything beyond a browser, a few minutes, and mild curiosity about the admin panel that has been sitting at 192.168.something since the router was installed. The settings above cover most of what undermines an otherwise secure home network.

Brand

TP-Link

Range

2,900 sq. ft

Wi-Fi Bands

2.4GHz, 5GHz, 6GHz

MU-MIMO

Yes

Mesh Network Compatible

Yes

Ports

1 x 2.5Gbps WAN/LAN, 2 x 1Gbps LAN

TP-Link Deco XE70 Pro AXE4900 is a tri-band mesh Wi-Fi 6E system delivering fast, reliable whole-home coverage. Using the 6GHz band for reduced interference, it improves speeds and stability across multiple devices. Easy to set up and manage via app, it’s ideal for streaming, gaming, and busy connected homes.