What Settings Should I Change On My Wi-Fi Router?

Dear Lifehacker, I just moved into my first apartment, and bought my first Wi-Fi router. It's a standard Linksys "blue box" and seems to work fine, but I'm wondering — are there any settings I should be looking to change? Signed, Curious about Configuration

Photo by webhamster.

Dear Curious,

Good question! For most broadband home users, a Wi-Fi net connection "works" once you plug in the cable and power on the Linksys box, but there's more to having a secure, convenient and easy-to-use network than just connecting.

Head to your router's administration page by connecting to your router (usually linksys), opening a browser to it (usually 192.168.1.1), and entering the default username and password (written in the manual, but usually some combination of "admin", "default" and blanks).

I'm recommending at least four changes and look-intos for the typical router:

Change the Administrator Password

If you set up your router with an installation CD, there's a chance you've already tackled this step. If not, head to the "Admin" or "Administration" tab in your settings, and in the main "Management" tab, change that password from whatever its default is.

Why bother? If you're going to leave your network "open" mdash; or not requiring a password to connect — it's crucial to have your router administration password in place, as anybody who's half-familiar can point to 192.168.1.1, use a site like RouterPasswords.com, and then do ... well, all kinds of hincky stuff. Even if you're going to password-protect your system, it's still a smart idea to prevent anyone from messing with your settings.

Want to lock down administrative access even further? Turn off "Wireless Web Access" from this password page. Maybe it's too much of an annoyance to require that router configuration changes require a physical cable connection, but it's also a good way to ensure only those inside your house can mess with your network.

Change Your Security Settings

Even if you've already set up a password for your network, head to this page. It's under the "Wireless Security" section of the Wireless tab — and not under "Security", a design decision I've never quite fathomed.

If you haven't set up a password, do so now. As with any net-related password, don't make it weak. Use non-dictionary words, add numbers and special characters, and make it as long as you can remember. And change the security mode to WPA2 Personal. WEP is easily cracked, as noted above, and the first WPA has proven fairly easy for hacker-types to get into. WPA2 Personal isn't perfect, but it's the home networking security standard at the moment, and most devices made in the past few years can connect through it.

Open and Forward Any Needed Ports

If you're a BitTorrent user, good software like uTorrent should be able to automatically find an open port and connect through it. If it doesn't work, or if you need to pull off more advanced home network tricks, like screen control from outside your home, encrypting outside browsing through a home SSH proxy or giving tech support with a VNC connection, you'll want to open up the "Port Range Forward" section under the "Applications & Gaming" section.

The layout is a bit confusing, but it's actually a simple setup. Name your port whatever you'd like for reference in the "Application" field, add the port "range" in the two "Start" and "end" fields (usually they're the same number, for a single-number "range"), then choose the IP address of the computer you'd like incoming requests routed to, and click "Enable". In other words, if you want incoming SSH requests sent to your main desktop, add an "SSH" entry, assign it a port (22 is standard, though you can change it for more security from scanning attacks), and direct it to your home desktop's IP address.

But, wait, how do you know which IP address your home computer is on, and how do you reach it from, say, Panera? Good question! We'll tackle that in this next section.

Set Up Dynamic DNS

In the Setup tab, there's a "DDNS" section that allows you to hook up your router to a Dynamic DNS service, like our personal favourite, DynDNS. Gina previously covered the setup of your router to DynDNS in her guide to assigning a doman name to your home web server. Follow her steps, and when you want to remotely access your home computers, you can point your software to something like samsmith.dyndns.org, instead of trying to guess what IP address your ISP has assigned you.

You'll also need to make sure your home computers stay on the same internal IP addresses assigned to them by the router — 192.168.1.105 and the like. Adam's covered that in his remote BitTorrent guide. The basic explanation is that you set your steady, almost-always-on computers to an IP address that's lower than the "dynamic", changing numbers given out by your router.

Those are four settings we recommend peeking into as a new router owner. We are, however, just one crew of geeky Wi-Fi users. Good luck with your new router, and may your browser never tell you of pages not found,

Sincerely,

Lifehacker

P.S. — If our readers have any suggestions on what router settings to change for better access, speed or connectivity, we welcome them to share, and we'll try to update the post with any good tips.

WATCH MORE: Tech News

Comments

    Don't set up ddns unless you actually need it. By creating a ddns entry, you are inviting hackers to 'try' to get in to your network. It's like having a phonebook entry - without one, you are a little bit less easy to find.

    (at least I've found, when trawling through my logs, that with ddns active there are a lot more portscans and attempted ssh connections than without)

    You Should probably enable UPnP too, if it is not on by default.

Join the discussion!