Your home network is the foundation of your digital security. Everything connected to it β phones, laptops, smart TVs, cameras, smart speakers β depends on that router working securely. Most people never touch these settings, which makes home networks a prime target.
Start with the Router
The router is your network's front door. The first step: access your router's admin panel (usually by typing 192.168.1.1 or 192.168.0.1 in a browser) and change the default admin password. Manufacturers ship routers with well-known default credentials, and credential-stuffing attacks actively target them.
While you're in there, also:
- Update the firmware β Router manufacturers push security patches. Enable auto-update if available.
- Change the WiFi password to something strong and unique (use your password manager)
- Use WPA3 encryption if your router supports it, otherwise WPA2-AES. Never use WPA or WEP.
- Disable WPS (the push-button setup feature) β it's a security backdoor
Network Segmentation with Guest Networks
Most modern routers support creating multiple networks. Use your primary network for computers, phones, and tablets. Create a separate guest network for IoT devices (smart plugs, cameras, robot vacuums). This matters because IoT devices are notoriously insecure β if one gets compromised, segmentation prevents attackers from jumping to your main devices.
The IoT Device Problem
Smart home devices are convenient but they're also surveillance devices that run software rarely updated. In 2026, it's still common for IoT devices to have hardcoded passwords, unencrypted network communication, and no security update mechanism.
Practical steps to secure them:
- Research before buying β Check for security reviews at places like Mozilla's Privacy Not Included guide
- Change default credentials on every device immediately
- Keep firmware updated when manufacturers push updates
- Use a strong WiFi password and WPA2/WPA3 encryption
- Disable features you don't use like remote access or cloud services if you don't need them
- Put IoT devices on the guest network, isolated from your computers
DNS Filtering: A Simple Security Upgrade
Changing your router's DNS settings to use a privacy-focused DNS service can block malicious websites, advertising domains, and tracking at the network level β protecting every device automatically without installing anything.
Recommended options:
- Cloudflare 1.1.1.2 β Blocks malware and adult content, very fast
- Quad9 (9.9.9.9) β Blocks known malicious domains, non-profit, strong privacy policy
- NextDNS β Customizable blocking and monitoring for $1.99/month
On most routers, DNS settings are in the WAN or Internet settings section. Set primary and secondary DNS servers there, and every device on your network benefits.
VPN on Your Router
For advanced users, configuring a VPN directly on your router means every device is protected automatically β even devices that don't support VPN apps natively (like smart TVs, gaming consoles, IoT devices). This also means your entire network appears to be in the VPN's location, which is useful for streaming and privacy.
Many routers don't support VPN client configuration natively, but DD-WRT or OpenWrt custom firmware can add this capability to supported devices. Or buy a router with built-in VPN support from a manufacturer like Asus or Netgear.
Monitoring What's Connected
Most routers have a "connected devices" list. Periodically check this to see what's on your network. Unknown devices can indicate your WiFi password has been compromised, neighborθΉη½, or a compromised IoT device. You can often block unknown devices by MAC address or change your WiFi password if you suspect compromise.