Home Router Hardening Checklist: 10 Settings to Change Right Now

Most consumer routers ship with settings optimized for convenience rather than security. Out of the box, your gateway is likely broadcasting its model number, responding to external pings, and utilizing weak authentication protocols that are trivial to bypass with modern hardware. Hardening your network perimeter is not just about choosing a long password. It requires a systematic approach to disabling legacy features, segmenting traffic, and closing backdoors that manufacturers leave open for support purposes. This guide provides a technical checklist to transform your router from a vulnerable entry point into a robust first line of defense. 1. Disable WPS and UPnP Immediately Wi-Fi Protected Setup (WPS) is a massive security hole. It allows devices to join the network via an 8-digit PIN that is vulnerable to brute-force attacks using tools like Reaver. Even if you use a complex WPA2 or WPA3 password, an attacker can bypass it by cracking the WPS PIN in a matter of hours. Disable WPS