5 Router Settings You Should Change Now!
**Enhancing Your Router Settings: A Comprehensive Guide**
In today's digital age, our routers are the backbone of our internet connectivity. While most users set them up once and forget about them, there are several settings that can be tweaked to boost security and performance. This guide delves into five key router settings you should consider adjusting, along with additional tips to optimize your network experience.
---
### 1. **Securing Your Router with a Strong Password**
Your router's admin password is often the first line of defense against potential breaches. Many routers come with default passwords like "admin" or "password," which are easily exploitable. Changing this default password is crucial for security.
To access your router settings, open a web browser and enter the router’s IP address (commonly 192.168.1.1 or 192.168.0.1). Once logged in, navigate to the administration section to change the password. If you're unsure of the current credentials, consult your router's manual or manufacturer’s website for defaults.
---
### 2. **Disabling Universal Plug and Play (UPnP)**
While UPnP simplifies port forwarding by allowing devices to open ports automatically, it poses significant security risks. Hackers can exploit this feature to gain unauthorized access to your network.
To disable UPnP:
1. Log into your router's admin page.
2. Locate the "Advanced" or "Network" settings.
3. Find the UPnP option and turn it off.
This step enhances security without affecting regular internet use, though you may need to manually forward ports for specific applications like gaming servers.
---
### 3. **Optimizing DNS Settings**
DNS (Domain Name System) translates domain names to IP addresses, crucial for accessing websites. Using default ISP-provided DNS can be slow or lack features like malware blocking.
Consider switching to public DNS services:
- **Google DNS**: Primary: 8.8.8.8, Secondary: 8.8.4.4
- **Cloudflare DNS**: Primary: 1.1.1.1, Secondary: 1.0.0.1
These options offer faster performance and additional security features, such as blocking malicious domains.
---
### 4. **Adjusting Wi-Fi Channel Width**
Your router operates on channels within the 2.4 GHz and 5 GHz bands. Broader channel widths (e.g., 40 MHz or 80 MHz) can increase speed but may lead to interference in crowded areas.
- In densely populated regions, stick with narrower channels (20 MHz) for better performance.
- If you live in a less congested area, wider channels can enhance speed and range.
For optimal results, monitor your network environment and adjust settings accordingly.
---
### 5. **Disabling Wi-Fi Protected Setup (WPS)**
WPS simplifies device connectivity with a button or PIN, but it's notoriously insecure. Many users never utilize this feature, making its disablement a simple yet effective security measure.
To disable WPS:
1. Access your router’s admin page.
2. Navigate to "Wireless" or "Advanced Wireless Settings."
3. Locate and turn off the WPS option.
---
### Bonus: Disabling Remote Administration
Remote administration allows external access to your router settings, a potential security risk. Ensure this feature is disabled in the "Administration" section of your router's settings.
---
### Additional Tips for Enhanced Security and Performance
- **Firmware Updates**: Regularly update your router’s firmware to patch vulnerabilities and enhance performance.
- **Encrypted DNS**: Consider enabling DNS over HTTPS (DoH) for added privacy and security.
---
**Exploring Further**
For deeper insights, explore topics like encrypted DNS and network monitoring tools. The video mentioned Mine.com, a tool helping users reclaim their data by identifying companies with whom they interact. Visit SayMine.com to analyze your data footprint and manage privacy effectively.
By implementing these changes, you can significantly enhance your router's security and performance, ensuring a safer and faster online experience for all devices on your network.
"WEBVTTKind: captionsLanguage: enFor many of us, after you get your WiFi and router initially set up, you don't think about it again, unless of course it starts acting up. But there are a lot more settings for your router than you’re probably aware of, and some of them you might want to change, for either security or performance reasons. So in this video I’m going to go over how to actually find these settings, 5 in particular, and explain why you might want to change them depending on your circumstances. And don’t worry about any technical terms, I’ll explain everything in a way hopefully everyone can understand.Speaking of security and privacy, which by now you should know I care a lot about, let me tell you about today's sponsor, Mine. Mine lets you find out which companies have your data, and let's you control where you do or don't want to keep it. You start out by going to SayMine.com, and just sign in with your email account you want to analzye, and give it a minute to do it's thing.Mine will only analyze only the subject line and sender of the email, plus with some other metadata to figure out which companies you've interacted with, but as their privacy policy states, they don't collect the content of your email for the analysis. Then when it's done, it shows you the results. For myself there are over 250 companies that have data on me... hmm not sure how I feel about THAT.On the 'my footprint' page I can see a selection of these companies, but I can gather up the courage to look through the entire list, which I can assure you is eye-opening.By clicking on a company, it shows me for example that EA stores info like my financial and identiy data, as well as online behavior, in addition to having a somewhat elevated exposure risk. And here's another company that I barely remember signing up for but never ended up using, and I don't really want them having my data. So I can just click reclaim, and it will compose an email that will be sent directly from my inbox to the company.And this is important because companies generally only honor requests coming directly from the person. Then, after you allow it to send the email, you can track and review your requests and cancel it within an hour if you change your mind.And since privacy is important for business too, Mine has created a solution for companies to help manage their own privacy operations, including automation of handling requests from consumers. So if you want to start reclaiming your own data, be sure to visit SayMine.com now and sign up. And I'll also put that link in the description. And with that all being said, let's continue.Alright so first off is how to actually get to your router’s settings, but if you already know how to do that you can just skip ahead with the chapters. Now this will vary slightly depending on your brand of router, but is mostly the same. So just open up your usual web browser and go to the URL bar. Here you’ll need to enter the default network address of your router, which is in the form of an IP address. The most common ones are going to be either 192.168.1.1 or 192.168.0.1, but there are a few other less common ones I'll just put on the screen here. If none of these work, try Googling the specific model number of your router plus “admin login page” or “config ip address”, something like that, to find it. In some cases, it might be printed on the bottom or back or the router, and it may even be like this Netgear one that says “routerlogin.net” which redirects to the IP address at 192.168.1.1, so both work in this example.After you get to the login page, unless it had you change the password when you first set it up, you’ll have to get the default login for your router. It might also say it right on the router itself like it does with this one, where it’s just ‘admin’ as the username and ‘password’ for the password. And actually, no matter what router you have, I would just try that first because it’s the most common: Admin+Password. If it doesn’t tell you on the router itself, and the admin/password combination doesn’t work, again just Google the model number and “default admin password” to find it. Or you can try instead of the model number the router brand because each manufacturer usually uses the same login on all their models anyway.So once you're able to log in, we’re ready to talk about the main topic, the actual settings. And starting off with number 1, let’s just get this one out of the way, but you gotta change that default password. Not the WiFi password, but the one to access that admin page. Imagine for example if a virus were to infect one of your computers, and your router has the default password, then it could theoretically go in there, change a couple settings, and then redirect your entire network’s traffic wherever it wants and do who-knows-what with it.The settings pages are all going to look different across brands and models, but in most consumer routers there’s usually a section somewhere called “Administration” or something similar, so just look for that. And in this case, it’s under an Advanced tab, then under Administration it says “set-password”. And of course for all of these, you can just consult the official support page for your particular model.Onto number 2, this one will take a bit of explanation so bear with me, I do consider it important. And that is a feature called Universal Plug and Play, which is usually abbreviated as “UPnP”. It's enabled by default on most routers these days, but many people in the security industry consider it too much of a security risk to leave enabled. The feature does serve a legitimate purpose, and the technical explanation is that it allows any program from within your network to open ports on your router’s firewall and forward them to your computer. Now in regular terms, imagine your internet connection being a highway with a whole bunch of lanes [over 60,000 actually], which are the ports. And the firewall is like a toll booth or checkpoint that allows or blocks all ‘packets’ of data, which you can think of like cars, based on rules. For the most part, all traffic is allowed to be sent out unless there’s some specific block rule for it, but it only lets data in if it’s basically a response to something that went out first. That’s a simplified explanation but it’s the general idea. And for 99% of programs, this is all that’s needed.In some cases though, someone might use a program that needs to receive unsolicited connections, such as actually hosting a game server, doing peer-to-peer file sharing, stuff like that. In that case, for the program to work properly, it needs to have one of the ports open, so for example some random player on the internet can request to connect to your server. For this one option is to go in to the router and manually forward the ports to your computer, so the lane goes directly to your computer and the program can then listen to that lane (port). Or the other option is Universal Plug and Play, which lets any program just open whatever ports it needs. That’s fine and dandy until some clever virus or exploit comes along and then is allowed to just open every port on your router to your computer. Now your computer should have it’s own firewall, but presumably the virus or exploit would also be trying to mess with that at the same time.And by the way this isn’t just speculation, there have been several UPnP exploits in the past. So my recommendation is find this setting in your router, disable it, and see if it causes any problems. I can almost guarantee that you will not notice a difference, but if you do randomly have unexplained connection issues with certain programs, you can always try re-enabling it. If you find it is needed for something you use, you can either just keep UPnP enabled, or if you’re willing to put in a bit of effort, you could look up the ports used by that program and forward them yourself manually. It’s really up to you.Ok next up number is 3, which is your default DNS server. And no, it's not as boring as it sounds, I actually think you’ll find this one cool, and it’s useful for more than you might assume initially. DNS stands for Domain Name System, but you don’t need to know that. How this works is when you enter a domain name for a website, like “YouTube.com”, your computer needs to get the IP address to connect to it. And the DNS server is the thing your computer asks to translate a domain name to an IP address for it. It doesn’t router all your traffic through the DNS server, your computer just asks it for the website’s IP address, then once it has it, you connect directly to the website you want using that IP address.By default your router and computer will just use the DNS servers automatically provided by your internet service provider. However, if you want to get fancy, there are other free DNS providers out there you can choose to use, that may be significantly faster than your ISP’s, or have additional features such as malicious domain blocking. For example, even Google provides a public DNS server anyone can use. These DNS settings might be under something like Network Settings, Internet Settings, or maybe Advanced settings, but again it’s going to vary, so you’ll just have to find it yourself, but it will be in there. Regardless though, you’ll almost always be given two settings, the Primary and Secondary DNS servers, both of which the DNS provider will tell you.One example like I mentioned is Google’s DNS which is known to be pretty fast, and the IPs for those primary and secondary are 8.8.8.8 and 8.8.4.4. Another one I like is Cloudflare’s DNS, the default of which is 1.1.1.1 and 1.0.0.1, but they also have other options like a malware domain blocking one, and even one for blocking malware and adult content for those with kids. The malware blocking isn’t a guarantee obviously, and again only blocks malicious domains, it’s not like it can scan your traffic and see what you’re downloading, but it’s a nice extra layer.As a side note, you can also change the DNS setting for your individual devices, instead of the whole network on your router.Alright onto number 4, we have the Wi-Fi channel width, what does that mean. Basically, a certain range of frequencies is allocated to be used by Wi-Fi, and this range is split up into smaller ranges called channels. The default size of these channels is either 20 Mhz or 40 MHz, depending on whether you’re using the 2.4 GHz or 5 GHz “band”, which is what is meant when a router says it’s “dual band”.Anyway, almost all routers will let you do what is called “channel bonding”, which just lets your router broadcast on not just one channel, but multiple next to each other, literally allowing more bandwidth and faster speeds. On some high-end routers, you can even combine up to eight 5GHz channels. However, that doesn’t mean everyone should just go and choose the biggest bandwidth they can. If you live in an area with a lot of other Wi-Fi networks like an apartment building, it’s probably better off to just keep the default 20 MHz, or 40 MHz for 5GHz. Because the wider the channels you’re using, the more you’ll be getting interference from other people’s routers on those channels. Whereas if you keep the default, you’re a lot more likely to have a whole channel to yourself, and maybe end up getting better range and speed that way.However, if there is not a ton of WiFi interference around you, like you live in a house with a decent amount of space between neighbors, you can probably get away with 80 MHz wide channels. And this is for the 5GHz band by the way, the 2.4 GHz band literally only has three 20 MHz wide channels, so you probably won’t want to go higher than 40 MHz wide there.As for the 160 MHz wide option, I’d only bother with this if you are somewhat far from neighbors, and even still this one is a bit trickier because it will spill into what are called “DFS” channels. That’s a whole other topic, but you probably want to just avoid the complication. The super quick explanation is because of certain laws in the USA at least, your router is required to give priority to any radar signals it detects, like weather radar, which shares some of those WiFi channels, and will literally stop broadcasting for a while if it does, from my understanding. So if you live far from your neighbors, you can may be give 160 a shot and see how it goes, it might not be a problem but just be aware of that.A final quick note here, is apparently in some routers like this one, it doesn’t actually have you select the bandwidth, but the maximum speed. I’m not even really sure how this particular one works, but I suspect it’s just doing things automatically here, so it might be better to just keep it at whatever it’s set by default. It might just be automatically choosing how much of a wide channel to use.Ok finally we come to number 5, though I do have a bonus one at the end. This one is fortunately way easier to discuss, and it is “Wi-Fi Protected Setup” or WPS. This is a feature built into a ton of WiFi routers that is supposed to make it easier to connect devices to your WiFi by just pressing a button, instead of having to type in a password. But everything I’ve read about it says it's just horribly insecure. And you can tell me, but I don’t think this is a feature many people use at all anyway. I’ve never used it and can’t recall anyone I know mentioning it, and a lot of devices don’t even support it. So if this WPS is something you don’t use, then definitely just disable it, and if you do use it, I mean you can decide for yourself, but I’d rather just spend the extra few seconds to type in the WiFi password, which you usually only do once anyway. The WPS setting will be somewhere under WiFi or Wireless settings, maybe even under Advanced Wireless settings, something like that. And you can verify your router has the feature by just looking for a physical button labelled ‘WPS’ somewhere on it. The actual setting name might be different too, in this router it has WPS Settings then has a setting for “Enable Router’s PIN” which is how you disable it, since it connects with a pin number. But it could literally just say “Enable WPS” or something like that, you’ll just have to look for where it talks about WPS.Alright now this next setting is an extra ‘bonus’ one because it should be disabled by default already, but you really want to make sure that is the case. It’s a setting called “Remote Administration” and you should absolutely disable this if it’s not already. Basically it makes it so no one outside your own local network can try and log into your router, or in other words NOT just anyone from the internet, which is a no brainer. And this setting is probably somewhere under something like “Administration” or whatever. And if you are someone who for some reason does need this feature, you know who you are anyway.So at this point you probably know a little bit more about your router, and can feel better about the security too, and you might even get some better performance from it.Thanks again to Mine for sponsoring the video, and be sure to visit SayMine.com to start reclaiming your data too. The link is also in the description.If you want to keep watching, the next video I’d recommend is a video where I talked about encrypted DNS, aka DNS over HTTPS, which you can watch here. If you want to subscribe also be sure to click the bell to enable notifications, I only post videos about twice a week so you don’t want them getting lost in the rest of your subscriptions. So thanks so much for watching, and I’ll see you in the next one.\n"