Skip to Content
© Ilexx | Dreamstime.com
Safety & security

5 features your router needs to keep hackers out

The router in your home is your gateway to the internet — but that doesn’t mean the traffic only flows one way. An unsecured router can be the perfect avenue for hackers to come in and wreak havoc.

In fact, there are numerous ways cybercriminals can compromise your router. Dirty tricks like DNS hijacking and phishing schemes can let hackers into the heart of your network and, by extension, every device connected to it. Tap or click here for a free way to check if your router has been hacked.

The first step to fortifying your wireless network is finding a router with the right security features. There are plenty of new models with these features built in, and the one in your home might have some or all of them. Here’s what you need to know to safeguard your network and keep hackers out.

What can they do to my network?

A compromised network is one of the worst things an internet user can experience this side of a full-blown case of ransomware. Tap or click here to learn how to protect yourself from ransomware. But unlike ransomware, a compromised network doesn’t just stop at one device.

When your network is attacked, that means every single Internet of Things gadget connected to it is affected. Once inside, hackers can scan for additional unsecured devices, steal personal data like usernames and passwords, modify your operating systems and even spy on or reroute your traffic to their liking.

Solid security features will keep your network safe from attack, and that security will extend to all the devices connected to it. Here are some of the most important features to look for when choosing or configuring your router.

1. Regular or automatic updates

© Lamai Prasitsuwan | Dreamstime.com

Just like with your computer, frequent updates are the backbone to a safer browsing experience. Hackers are tricky, and they’re constantly changing tactics as new security holes and bugs surface.

By updating on a regular basis, you’ll be ahead of the game. Nearly every router has options to manually update the firmware, but it takes a bit of know-how to access them.

To get to your router admin page, you’ll need the IP address used by your router and the admin password. These may be written on the user guide for your brand of router, but if you don’t have this information, there are sites that can help you figure it out. Tap or click here for a list of default passwords for 548 router brands.

Once you’ve opened your router’s admin page, find a section called “Advanced” or “Management” to look for firmware updates. Download any updates available to bring your system up to speed.

For best results, you should update your router at least once every three months or so. If there is an option in your router settings that enables automatic updates, make sure to turn it on. This will ensure you never miss a beat in terms of cybersecurity.

If you’re in the business of shopping for a new router, choose one that includes frequent or automatic updates from its manufacturer to stay ahead of the curve. Our sponsor, eero, is specifically designed with this in mind and gets automatic updates right over the air. More on that below.

Get free overnight shipping by visiting eero.com/Kim and use promo code Kim at checkout.

2. Stronger encryption

Hackers are always on the hunt for networks with outdated security settings. They’re much easier to break into, which is why configuring your encryption should be one of your first priorities.

Most routers include some form of encryption by default. If you’re required to enter a password to connect, you already have it set up.

But don’t move on just yet — there are different types of Wi-Fi encryptions, and some are much weaker than others. In fact, many routers even ship with options for outdated encryption settings. Picking the wrong one can leave your system a sitting duck for hackers.

The most popular Wi-Fi security right now is Wi-Fi Protected Access 2 (WPA2) encryption. This standard is over a decade old. If you’re shopping for a new router, see if it supports WPA3, which is the newest wireless standard available. Tap or click here to learn more about the benefits of WPA3.

To check your encryption settings, go back to the router’s admin menu. You should be able to find encryption under the “Wireless” or “Security” menu. If you still have an older router, select one that starts with “WPA2.”

If your router is not WPA3 compatible, “WPA2-PSK AES” is the next most secure option. If you have older gadgets on your Wi-Fi network, you might have to select “WPA2-PSK AES + WPA-PSK TKIP” to get them working.

This is a hybrid setting that keeps the benefits of WPA2 while leaving compatibility for older, less secure devices. If your main network is securely encrypted, they’ll be safe to use.

Most importantly: Never choose “Open,” which means no security at all. The same goes for WEP, which is a highly outdated standard that’s easily hacked.

If you only see options for WEP or WPA, try to update your router’s firmware using the instructions above; otherwise, you may need to buy a new one. If you’re still not sure, check the manual for your router.

Don’t have your manual anymore? Tap or click here to access ManualsOnline, which has hundreds of thousands of manuals for products across the board.

3. A built-in firewall

© Christian Bridgwater | Dreamstime.com

One of the best security tools built into your router is the firewall. It’s designed to prevent external access to your network — even if intruders know your router’s location and IP address. Best of all, nearly every router from the last decade includes one in some form or another.

Not every router labels its firewall the same, but you can usually find this feature under your router’s advanced settings like “NAT filtering,” “port forwarding,” “port filtering” or “services blocking.”

These settings let you tweak your network’s incoming and outgoing data ports and protect them from outsiders. But be extremely careful with these settings. Your default firewall is usually enough, and misconfiguring your ports can knock you off the web or make it easier for hackers to break in.

If you do make a mistake in this area, call your ISP. A trained repair technician will know the optimal port settings for your service.

4. Optimized Quad9 DNS settings

DNS settings translate the location codes of a website into a web address you can access. Most routers assign specific DNS settings by default, but this is something you have the ability to change; and you should if you want to avoid sketchy websites known for spreading malware, stealing personal information and fraudulent activity.

Check out the Quad9 Domain Name System service, maintained by cybersecurity advocates at IBM and The Global Cyber Alliance. It’s designed to protect internet users from accessing those creepy sites and even blocks known remote hosts that can attack other IoT devices on your network with botnets and malware.

These settings check any links you click against IBM’s threat intelligence database, which contains more than 40 billion webpages. This helps prevent you from getting trapped or tricked by malicious websites.

To learn how to set up Quad9, visit the official website and scroll down to the setup videos. Choose the appropriate video for your Windows or Mac operating system and follow the instructions.

5. No remote access

Have you ever had a technician take over your computer while you were on the phone with them? If so, you’re already familiar with “remote administration,” which is commonly used in tech support.

But scammers and hackers can take advantage of this feature too. In fact, remote desktop management is one of the pillars of several security flaws found in Windows. Tap or click here to learn more about a frightening remote access bug that affected Windows users.

When it comes to your router, you’re better off disabling these settings altogether. This means you can’t get remote help from ISP technicians over the phone, but it also closes a major entry point into your network for hackers. It’s always better to be safe than sorry.

While you’re in the router’s admin page, turn off remote administration. You can usually find this in your router settings under the “Remote Administration” heading.

Bonus: Get a stronger network with more coverage with eero’s mesh network system

Each item on this list is an important factor to consider when purchasing a new router. But of all the manufacturers on the market, eero and its TrueMesh system manage to hit every single mark.

The routers sold by eero make up what’s called a “mesh network,” which means it’s composed of several “mini routers” that work in tandem to bring you fast, secure and stable internet connections.

Not only that, but eero’s systems are easy to set up, update automatically and include an array of top-notch security systems that encrypt your connection and keep your data secure.

Once installed, eero’s TrueMesh software begins learning from and optimizing your space, devices and network usage. That means every device gets a reliable connection all the time, everywhere in your home.

Get free overnight shipping by visiting Eero.com/Kim and use promo code Kim at checkout.

Komando Community background

Join the Komando Community!

Get even more digital know-how and entertainment with the ad-free Komando Community! Watch or listen to The Kim Komando Show on your schedule, read Kim's eBooks for free, and get answers in the Tech Forum.

Join Now