How to tell if someone hacked your router and how to fix it

Tips & tricks
8 mins

Your Wi-Fi router is an important part of your home, keeping your devices like laptops, phones, and TVs connected to the internet. That’s why it’s important to keep it safe from hackers, who could try to access it simply by guessing the login credentials or via software vulnerabilities.routerrouter

This article will guide you through identifying signs of a hacked router, steps to address the issue effectively, and strategies to fortify your router against future attacks.

How can a router be hacked?

When we think about a hacked router, it’s primarily referring to two methods used by an attacker to take over your router or interfere with your activity:

Compromised login credentials. Often a hacked router means someone has gained unauthorized access to your router by knowing the credentials for logging in. From there, an attacker can reconfigure your router settings and even access the Wi-Fi logs to potentially see what sites you’ve been visiting. This is why you must change the login credentials from the default when you set up your router.

Firmware vulnerabilities. Firmware refers to the router’s software. A hacker could exploit vulnerabilities in a router’s DNS settings to redirect users to phishing sites, malware distribution servers, or other malicious destinations. The attacker could also intercept DNS traffic passing through the router and modify the responses sent by legitimate DNS servers. 

Signs that someone hacked your router

There are several signs that your router could be compromised. Make sure you check everything carefully so that you don’t miss a stealthy hack.

1. You can’t log in to your router’s settings

If your login credentials no longer work and you’re sure you’re entering them correctly, an unauthorized user may have changed them, indicating a breach. Of course, make sure you’ve actually checked that the credentials are correct and no one in your household has changed them. 

2. Unknown devices in your network

Discovering devices you don’t recognize on your network could mean someone else has gained access and connected their devices without your permission. If they’re actually unknown devices, it’s a pretty serious thing. However, remember that devices often only have a random character string as a name instead of the actual device’s name. Try disconnecting devices to see if they disappear from your list. If they don’t, your router could be hacked.

3. Slow internet speeds

A sudden, unexplained slowdown in your internet speed might suggest that your network is being used by unauthorized users, consuming bandwidth without your knowledge. Internet speeds are different for everyone, so when checking this, consider whether your internet speed is slow and whether it’s changed for the worse. Increased usage could leave very little bandwidth for your regular activity, making everything sluggish.

4. Increased data usage

Noticing an unexpected spike in your network’s data usage can indicate that a hacker is actively using your connection, possibly for data-heavy activities. This could easily go under the radar, especially if there is no data limit on your connection.

5. Redirects to unfamiliar websites

If clicking on links or typing in addresses takes you to unexpected or unfamiliar websites consistently, it could be due to malicious changes in your router’s DNS settings. This could indicate that a hacker already changed your router’s settings, and it’s also an obvious sign that either your device or entire network is hacked. Do not enter any information or click on any links on the redirect sites.

6. Unusual network activity

Spotting strange outgoing connections or network activity at odd hours when no one is using the internet could indicate that your router has been compromised.

7. Disabled security features

Finding that your router’s firewall or other security features have been disabled without your input strongly indicates unauthorized access to your router settings. Other changes could include lowering the Wi-Fi’s encryption standard or reverting to an older one.

8. Phishing attempts

Receiving phishing emails or messages that seem to be from your ISP or other trusted sources asking for personal information can result from compromised router security used to gather more of your personal data.

What happens if my router is hacked?

When your router is compromised, it becomes a gateway for attackers to access every device connected to your network. This breach can lead to several bad outcomes. Personal information, such as financial details, passwords, and emails, can be intercepted, risking your privacy. Hackers might also infect connected devices with malware or ransomware, leading to data loss or extortion attempts.

A hacked router can be used to launch further attacks, turning it into a part of a botnet to execute distributed denial-of-service (DDoS) attacks against other networks or websites. Additionally, your internet connection could be exploited for illegal activities, with your IP address leaving a digital footprint, falsely implicating you.

The security of your entire network hinges on the integrity of your network and, therefore, your router. So, making sure that it’s safe should be a priority.

How to fix a hacked router

If you suspect your router has been hacked, taking immediate action can help mitigate potential damage and secure your network against further unauthorized access.

1. Disconnect from the internet

The first step to fix a compromised router is disconnecting it from the internet. This halts any ongoing malicious activity and prevents the hacker from continuing to access or control your network remotely. The easiest way to disconnect is by unplugging the internet cable from the back of the device. It’s usually labeled “Internet” or in blue. This will not disconnect your device from the network, it just disconnects the network from the internet.

2. Perform a hard reset

Performing a hard reset restores your router to its factory settings, wiping out any configurations, including malicious changes made by hackers. Locate the reset button on your router—usually a tiny, recessed button—and press it for about 10 seconds.

For this step, connecting to the router through an ethernet cable is best. Remember that this step will reset the network’s name (SSID) and password, so they’ll revert to the defaults. If you can’t find the button, consult your router’s manual.

4. Change the default access credentials

After resetting your router, immediately change the default login username and password. Hackers often exploit routers with default credentials. Choose a robust and unique password to enhance security and prevent future breaches.

Usually, routers have an easily guessable username and password, such as “admin.” By changing these, you will have an additional barrier of entry to the network’s settings.

5. Update the router’s firmware

Manufacturers release firmware updates to address vulnerabilities and improve security. Check your router manufacturer’s website for the latest firmware version and follow their instructions to update your router. 

If you’re serious about security, consider a VPN router. ExpressVPN makes its software available for installation on many popular routers so you can secure every device that connects to your network, ensuring your information is safe. However, we recommend Aircove, our own router with ExpressVPN preinstalled.

How to protect your router from getting hacked

Now that you’ve removed any hackers from accessing your router, it’s time to get more proactive. You can take several steps to protect your router from getting hacked. Make sure you follow these, as it will vastly improve the security of your network.

Regularly update the firmware

Manufacturers often release firmware updates to patch security vulnerabilities. Regularly checking for and installing these updates can protect your router from exploits. Some router software, like ExpressVPN’s own router firmware, offers auto-updates, so you don’t have to do anything to ensure you have the latest version.

Change default admin credentials

Default usernames and passwords are easily guessable. Changing these to unique, strong credentials is critical in securing your router against unauthorized access.

Connect to your router, log in with the default credentials, and change them to something hard to guess. Here, you should follow standard password practices, such as using long passwords that combine numbers, uppercase letters, lowercase letters, and symbols.

Enable strong encryption

Use the strongest encryption setting available on your router, preferably WPA3. If WPA3 is unavailable, WPA2 is the next best way to encrypt your wireless network. This makes it harder for hackers to intercept your data.

Additionally, even if you use WPA2/3, ensure you actively turn off compatibility with older encryption standards, such as WEP. Otherwise, they could still pose a threat.

Disable features not in use

Features like remote management or WPS (Wi-Fi Protected Setup) can introduce security risks if they are not properly secured. Turn off these features to minimize potential vulnerabilities if they are not in use.

Remote management is the biggest threat here. It’s what allows access to your router’s configurations through the internet. Unfortunately, this includes hackers.

Don’t reveal information on your network’s name (SSID)

Customize your network’s name (SSID) to something that doesn’t reveal personal or location information. Avoid names that make your network an obvious target for hackers.

SSIDs such as your actual name, apartment, or street number can help hackers associate your network with you as an individual, making it easier for them to try and guess more about you.

Create a guest network

Guest networks usually work with another separate but similar SSID, which only allows devices to connect to the internet but not to connect to other devices in the network.

Setting up a separate network for guests can protect your main network’s security. This limits access to your main network’s devices and sensitive information.

Use a firewall

Many routers come with built-in firewall capabilities. Ensure your router’s firewall is enabled to add an extra layer of defense against external attacks.

You can usually find the firewall settings in the router’s configuration. Log in again, and turn it on. Usually, the default settings provide solid security out of the box, so only change the firewall settings if you feel comfortable doing so.

Invest in a secure router

Consider investing in a router with advanced security features and regular firmware updates. A secure router can provide a more robust defense against cyber threats.

ExpressVPN offers its own Aircove router for greater privacy and security with ExpressVPN functionality. You’ll need to have an active subscription to ExpressVPN to use VPN functionality, but it otherwise works as a high-quality Wi-Fi 6 router.

FAQ: About hacked router

How can I tell if my router has been hacked?
What should I immediately do if I suspect my router is hacked?
Is it safe to use a mobile hotspot if my home router has been compromised?
Phone protected by ExpressVPN.
Protect your online privacy and security

30-day money-back guarantee

Router with padlock.
Install ExpressVPN on your router—it’s included with your subscription!
Need a subscription?