How to Stop People From Using Your Wi-Fi

Unauthorized access can slow your network speeds — and open major security risks

A cable being unplugged from a router.
  CASEZY / Getty Images

Kicking people off your Wi-Fi network is easy; it's detecting them that's hard. At best, you won't even notice unauthorized users, like the neighbor kid who fancies himself a hacker to bypass his parents' shutdown of Wi-Fi at bedtime.

People who willfully break into your network don't have your best interests at heart — their misuse of your network can slow your overall traffic speed and even introduce malware, expose sensitive files, or appear to access internet sites (like child-porn or terrorist pages) that might earn you a visit from the authorities.

Follow best-practice security guidelines and routinely monitor your router's access logs to minimize your risks from unauthorized home-network intrusion.

How to See Who's on Your Wi-Fi

  1. Find the DHCP settings, "attached devices" area, or a similarly named section.

  2. Look through the list of connected devices and isolate the ones that aren't yours.

These steps appear vague, but that's because the specifics are different for every brand of router. On most routers, you'll find a connected-devices table that shows every device to which DHCP leased an IP address, meaning that the list shows the devices that are currently using an IP address assigned by your router.

Every device on that list is either connected to your network through a wire or is accessing your network over Wi-Fi. You might not be able to tell which are connected over Wi-Fi and which aren't, but you should be able to use this information to see which devices, specifically, are accessing your Wi-Fi.

For example, assume you have a phone, Chromecast, laptop, PlayStation, and printer all connected to Wi-Fi. That's five devices, but the list you see in the router shows seven devices. The best thing to do at this point is to shut off Wi-Fi on all of your gadgets, unplug them, or shut them off to see which ones remain in the list.

Anything you see in the list after shutting off your network devices is a device that's inappropriately accessing your Wi-Fi network.

Some routers will show the name the connected devices use, so the list might say "Living Room Chromecast," "Jack's Android," and "Mary's iPod." If you have no idea who Jack is, chances are he's a neighbor stealing your Wi-Fi. 

How to Lock Down Your Wi-Fi

Blocking someone from your Wi-Fi can be as easy as changing your Wi-Fi password to something much more secure, then encrypting network traffic with WPA or WPA2 encryption.

The moment the router requires a new password that the connected devices don't know, all the freeloaders will disconnect from your network, unable to use your internet connection.

As an added precaution to help protect yourself from Wi-Fi hackers, avoid weak passwords and change the network name (usually abbreviated as SSID), then disable SSID broadcast. Changing the password and SSID and suppressing SSID broadcast appears, to most external users, as if the entire network went offline.

More Advanced Router Security

Think of network security as a race to outrun a bear: It's not important to be the fastest sprinter, it's only important to be a step ahead of the slowest runner before the bear eats its fill. There's no way to make a home network perfectly impervious to a suitably dedicated hacker who has the tools and skills to break into your network. But if you layer enough security practices, the hacker will pluck the low-hanging fruit first, reducing your relative risk of intrusion.

Practice "Defense in Depth"

Although it's not specifically related to your router's setup, it's a good idea to disable File and Printer Sharing in Windows. If a hacker gains access to your network, and all your files and devices are easily discovered from within your home network, your risk of data breach increases substantially. A "defense-in-depth" approach means you employ several different levels of security access instead of relying on just one strategy.

Start by implementing MAC address filtering on your router so that only the MAC addresses you specify (the ones that belong to your devices) are allowed to connect. This approach isn't foolproof — it's easy to spoof a MAC address — but this level of filtering adds one extra step to hack through and dissuades low-skill, opportunistic Wi-Fi leechers.

Similarly, limit DHCP addresses to the exact number of devices you regularly use so that no new devices are allowed an IP address even if they manage to get past your Wi-Fi password.

Most importantly: Disable Wi-Fi Protected Setup. WPS allows one-touch pairing of a device to your router. The problem, though, is that WPS is notoriously insecure. WPS-enabled routers usually get hacked within a matter of minutes, by following online tutorials that rely on easily available freeware.

Remain Vigilant

Baseline Precautions

Strong passwords, network encryption, disabled WPS, and non-broadcast SSIDs should be baseline security for your home router. So configured, your router will withstand most intrusion attempts by nosy neighbors.

If you live in a rural area, you're likely fine with just baseline precautions. To infiltrate your Wi-Fi network, a hacker must remain within Wi-Fi range, which, at best, is 300 feet or so from the router. If your house is 500 feet from the road and your nearest neighbor is a quarter-mile away, an attacker would need to be on your property to hack your Wi-Fi — a low-risk scenario.

But if you live in a dense urban area, or in close proximity to others (e.g., in a dorm), the risk increases. Advanced technology to brute-force attack Wi-Fi routers has long been available as freely downloadable, open-source tools. Software like Reaver will slice through even strong defenses without much difficulty, so you must periodically check your router's DCHP allocation tables to verify inappropriate access.

Set a task on your calendar to to-do list to periodically check your router's control panel. Look for unauthorized devices. If you use strong security practices but continue to be regularly penetrated, reach out to your internet service provider for assistance. Persistent, successful intrusion against a well-protected home network is a sign of trouble that's worth referring to your ISP.