Secure your Wi-Fi against hackers in 10 steps

6. Install alternative firmware

The more adventurous users may take the "update your firmware" message a step further and install totally new firmware from an alternative source. If you think of your router as being a mini-computer, it's akin to changing the OS on a laptop from the supplied Windows install to a Linux distro.

Why would you do this? To gain functionality missing from the original firmware, especially relating to security. And why wouldn't you? Your warranty will be invalidated, so it's best left to older routers. If you go ahead, you'll probably find yourself choosing between DD-WRT and Tomato, which is easier to use but at the cost of being less feature-rich.

7. Sniff out rogue devices

Now we've covered most of the major security precautions you could take, how might you discover who's actually using your Wi-Fi? You can do this from your router gateway, and it varies from router to router as to where the option will be.

With BT's Smart Hub, you should click on the My Devices tab, for example, whereas most Netgear routers will hide the attached devices list in a Maintenance menu. There are lots of tools out there to help you do the same, and they don't have to be as complex as something such as Nmap.

One of our favourites is Fing for Android or iOS. This app scans any IP range and shows what's connected and in plain English, where possible. So whereas the BT router will often only list a device's IP address, Fing usually spells out the device's manufacturer, making it easier to identify the dozens of devices we have connected these days.

If the numbers don't add up, it's a good idea to determine why. If you only have a laptop, a phone, an Android-powered TV set and a printer connected to your hub, why are there nine devices using your Wi-Fi? And how do you know how many people are using it and what those devices are?

See something you don't recognise and Fing will, at the touch of a button, reveal the information you need to block it from your router admin gateway. That you can do all of this from your smartphone, anywhere in the home or office, makes keeping tabs on who's using your Wi-Fi hassle-free.

8. Employ MAC filtering

The information that Fing reveals when you want to block something from using your Wi-Fi is our old friend the Media Access Code (MAC), which every device connecting to a network is allocated. It's a 48-bit digital identifier used by the device to tag network packets, to be precise.

By default, your router will connect to anything that wants access, provided it has the correct password. If you want to prevent a device from connecting, even if the user has the correct password, that's where MAC filtering comes in. Once you have a MAC address code, you can use an online specialist site such as What's My IP or MAC Vendor Lookup (macvendorlookup.com) to identify any piece of connected kit that you don't recognise. Fing does the MAC lookup for you in the background and then automatically displays the device maker on-screen as part of its auditing process.

When you've identified the culprit, head to the "access control" section of your router controls, which is MAC filtering by another name. Here you can either block all new devices, so before anything can join the network you'd have to whitelist the device's MAC address, or block individual devices by blacklisting their MAC.

It isn't foolproof: most devices allow their MAC to be changed in software, so a determined hacker could clone a device that you whitelist and gain access. Ultimately, if you don't want someone to use your Wi-Fi, don't give them the password. If they're already using it, then change the password to something more complex.

9. Use a virtual private network (VPN)

There's every chance that virtual private networks (VPNs) are supported on your router, whether you're using default firmware or have upgraded to an alternative. Although VPNs are more commonly associated with third-party software that re-routes your internet traffic through a proxy, operating your own VPN through your router may provide added security benefits.

Doing so means being able to access your home network in a secure way through an encrypted tunnel when you're not connected to your network. This also offers the same level of end-to-end encryption as a paid-for service, meaning you can securely browse the web from public spaces without fear of data leakage or interception. In order to do so smoothly, you'll probably need a Dynamic DNS (DDNS) service to resolve a domain name to your router as a home user, to skirt around the fact most ISPs don't offer a static IP address for your router. The free-to-use No-IP is as good as any for this.

10. Set up a guest network

Passing the Wi-Fi password to everyone who visits your home, including your friends and family, means by definition you're diluting your home network security, and raising the chances that this password falls into the wrong hands. They might, after all, accidentally leak the password to somebody else, albeit without knowing.

One way of maintaining the integrity of your network is by changing the password each and every time you hand out the code - although this may prove incredibly inconvenient for not only your routine visitors but also for yourself and members of your household.

Alternatively, many routers allow users to set up guest networks for visitors. This means you can provide users with a key that gets them online on a virtual network, without exposing your connected devices. Should your router not support guest networks, we would recommend you update your firmware to double-check the feature hasn't been added at a later date. If not, we'd suggest upgrading to a newer model.

Updating your router with the widely-used replacement router firmware Tomato may help, as this does support a guest mode.

Davey Winder

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.

You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.