After tweaking the router settings, you should log out of the device. Staying logged in puts your router at risk of being hit by cross-site request forgery (CSRF) attacks from malicious websites. These attacks attempt to issue requests to the router using the authenticated session that your browser still holds.
Having a strong password is especially important if you are planning on enabling the router’s remote management feature that exposes the router login to the Internet.
CHANGE THE DEFAULT WI-FI PASSWORD
While you are logged in, you should probably also change the default Wi-Fi passwords. Although manufacturers usually generate unique default Wi-Fi passwords for each router, often stickered on the device, you probably want to change the password to your own rather than trying to remember another Wi-Fi password.
RENAME THE WI-FI NETWORK
You should rename the default Wi-Fi network name (SSID) too. Doing so will make it easier for you to find your SSID, especially if your neighbours also happen to own a router from the same manufacturer. It may even indicate to would-be hackers that you are tech-savvy enough to change the SSID, and perhaps they will look for an easier target.
On a related note, security experts agree that hiding your SSID does not help against would-be hackers as it is not difficult to unmask a concealed SSID. It just gives a false sense of security and inconveniences legitimate users.
UPDATE YOUR ROUTER’S FIRMWARE
Keeping your router updated with the latest firmware is essential, as manufacturers usually release such updates to patch security vulnerabilities. New firmware may also fix other bugs and even improve the router’s performance.
Most modern routers let you download the latest firmware directly from the router settings. If not, you can find the updates on the manufacturer’s website.
PREVENT WEB SCRIPTING ATTACKS WITH BROWSER EXTENSIONS
Browser extensions like NoScript (Firefox) and uMatrix (Chrome and Firefox) can prevent CSRF attacks by blocking JavaScript or Flash code from being executed by malicious websites. These extensions also offer the ability to whitelist trusted sites so that you can use legitimate Web pages, like your bank’s website, normally.
An additional step to prevent CSRF attacks is to change the default IP address used by routers, such as 192.168.0.1 or 192.168.1.1, to an IP address of your choice. This makes it harder for hackers, especially if they are using a generic scripted attack that targets certain router models.
TURN OFF UNNECESSARY FEATURES
Some networking features, such as Universal Plug and Play (UPnP) and Wi-Fi Protected Setup (WPS), are useful, but they can be exploited under certain circumstances.
To err on the side of caution, you should check that they are disabled in the router’s settings.
Most modern routers turn off UPnP by default.
WPS poses less of a risk as it requires the hacker’s device to be physically close to your router.
BUY AN ENTERPRISE-GRADE ROUTER
Networking vendors devote more resources to their enterprise products as businesses have higher security requirements.
These routers will cost more than consumer routers, but the added security features, such as a built-in firewall with intrusion detection, may be worthwhile.
The downside is that these routers are not as easy to configure and use as home routers.