How to Tell If Your Router Was Hacked and How to Fix It

It’s time for you to get to know your home internet router before the hackers could take control of your device and steal your data.
John Gormally, Author
Catherine McNally, Editor
Last updated Jul 14, 2022

With home internet becoming a huge part of our daily lives, how do we know if a hacker could see all of our online activity? Can we tell by looking at the blinking lights in the front of the router?

Not anymore, sorry.

Internet access has become a critical utility for most in the U.S. Without internet, you might lose connection to friends and family, your work, or even important online information.

Safeguarding your internet access is critical, and you can start by securing your internet router. We’ll help you determine whether a hacker has gained control of your Wi-Fi network or router and what you can do about it.

In this article
6 signs your router was hacked
How to fix a hacked router
How to prevent your router from getting hacked
Router security FAQs
Bottom line

6 signs your router was hacked

How do you know if a device is supposed to be connected or if your router was hacked?

These are several immediate indications that you should look for, including:

  • Emails, videos, and music playing slower than normal
  • Passwords not working
  • Applications not performing as expected
  • All your web searches on Google come back with the same response
  • Your device keeps asking for your username and password
  • Your background pictures on your display screen disappear
  • Your phone camera activates and begins to record you while you on the device

Yes, in some cases, the problem resides with your internet service provider (ISP) — you might call your neighbor to confirm if they have the same problem. If not, your router may have been compromised.

1. You can’t log into your router

Once you set up our home internet router, you rarely log back in. Once you decide to log in to check out why internet speeds have slowed to a crawl, you discover your administration passwords aren’t working.

Why can't you get in? Did you change the default username and password while setting up the machine?

If not, the hacker could have compromised the device after their scanning tools found the default passwords still enabled on your device.

2. You see unfamiliar software and apps on your device

It’s not uncommon for people to lose track of all the apps and software loaded on their devices.

If a cybercriminal has hijacked a home internet router, they have the means to connect to your device by redirecting you to a rogue website. This is called an HTTP redirect and is a common tactic hackers use. Imagine typing in Google search on your device and somehow you end up on a website in South Africa. If this happens to you, a hacker could be controlling your internet router.

3. You see unfamiliar devices on your network

Once you’ve logged into your internet router, the first tab you typically see is the network map on many Cisco Linksys devices. After reviewing the network map, many are shocked at the number of connected devices.

A screenshot of the network map inside the admin panel for a Linksys router, showing several devices that are all connected to the router.

Are these devices all mine? Seeing is believing. Could you imagine having all these devices share the same wireless network? No wonder your connection is slow.

Most everyday devices on the network will have a name associated with them: “Annie’s laptop,” “Kevin’s super fast Mac,” etc. If you notice a device you don’t recognize, click on its icon in the network map and set up parental controls to block the internet.

If someone comes screaming, you know that device should be on the network.

Don’t have access to a network map in your router's admin panel? 

We recommend you download a free copy of SolarWinds home monitoring solution. This tool shows all devices connected to your Wi-Fi network. Similar to the network map on the router, check it each month to look for rogue devices.

4. You receive ransomware or fake security messages

Are home computers also a target for ransomware? Absolutely. Could a ransomware attack also originate from a hacker that controls your internet router? Yes. During COVID-19, when many people began to work from home, several home networks also fell victim to ransomware attacks.

If you’re startled by a pop-up message on your network with someone demanding $10 million in Bitcoin or they will delete your files, this is a ransomware attack. Ransomware could have infected your device when you received an email that was too good to be true and clicked on something you shouldn't have. It happens.

What to do during a ransomware attack?

  1. Don’t panic. In many cases, the message is a fraud and your personal data is not encrypted.
  2. Disconnect your router for one hour to let all connections drop from your device.
  3. After an hour, hook your router back up to the internet. Then check the device you received the ransomware notification on to confirm whether you have antivirus or anti-malware enabled.
  4. If you do have antivirus or anti-malware software installed, reconnect the device to the internet. Go to your antivirus or anti-malware software, such as Bitdefender or Symantec, and click on the update button. Make sure your software also runs a full scan.
  5. The malware on the device should be removed.

Now, if this was an actual ransomware attack and your files are encrypted, you could restore your data from a backup from a day prior to the attack. If you have no backup, work with your local IT shop to help format your disk and reload your operating system.

5. Your web browsers all go to the same website

How did you end up on a foreign lottery website when you tried to watch a YouTube video?

Did your home page or web request get redirected to a website you didn't expect? Chances are your browser is being controlled by a hacker who could be next door or halfway around the world. This is called browser hijacking or DNS hijacking.

If you end up on an unexpected website often, try to use a different browser to see if you get redirected again.

If it keeps happening even with a different browser, try to send yourself an email and see whether your emails are working. If you did receive an email from your side, that’s a good thing.

You can also try to connect your online banking application and see whether your connection goes through. Make sure the URL is the actual link to the banking website. The hacker could change your URL request from https://www.bankofamerica.com to something like http://www.baknofAmerzica.com.

If you still get redirected to that foreign lottery site or another unwanted web page, please don’t click on anything. (Promise?)

Chances are, there’s embedded malware on the site. Click on your browser settings, go to the History tab, and restore the settings to default.

6. Someone else is controlling your device

Hackers that take over home internet devices also have the means to insert malicious code into your devices, including your phones, Internet of Things-enabled (IoT) light switches, and your Xbox. 

They can inject malicious software through your web connections, including rootkits, malware, and other exploits, to gain access and control your device.

If the hacker has control of your device, you may experience something like your device camera turning on by itself. Some hackers prefer to sit dormant for months, whereas others want to use your device to launch attacks against others right away.

How to fix a hacked router

Taking control of your home internet router is necessary to protect your family's privacy, data, and access to the web. Nowadays, secure internet access is pretty much critical for everyone in the household.

Whether you have a student downloading their homework, parents working from home, or need to access your home security systems while you’re away, you should stay in control of your home internet router.

If you’ve lost complete access to your home internet device, it’s highly recommended that you disconnect the router by unplugging it from the wall. Leave the device off for one minute to ensure current cached connections have dropped.

1. Factory reset your router

Once your router is reconnected to the power source, reset the machine back to the factory default.

This should ensure any previously compromised passwords for remote access to the device will be erased.

A screenshot of a router admin panel showing several diagnostics settings as well as options to restore the previous router firmware and factory reset the router.

Next, you’ll connect to your router by using the default admin settings. These settings include the default IP address (such as 192.168.1.1) and a password provided by the manufacturer. 

During setup, we recommend changing the router admin username and password to something only you will remember. You can refer to our step-by-step instructions about creating a strong password for help.

If you need help remembering passwords, you could use a password manager. (Please don't add another sticky note to the back of the device, thank you.)

Suppose you forget to update your router settings, no worry. Under the connectivity tab, you can change your router password. Please note, this password is for accessing the management console, not for internet connectivity. So ensure this password is different from your Wi-Fi password (sometimes called a WPA2 password).

A screenshot of a router admin panel that shows the option to edit the router password, set the time zone, and turn the router lights on or off.

2. Update your Wi-Fi network name and passwords

Once you’ve rebooted your device, it’s critical to change all detailed administration account information.

Cisco Linksys routers typically come with a Wi-Fi network name “Netgear.” It’s important to change the name of your device to something that hackers won't recognize and not Netgear, Linksys, or Cisco. Otherwise, you could leave your network open to a brute-force attack.

Log in to your device and go to the Wi-Fi settings tab. Here, you can change the network SSID name to something other than the default. Make sure you label your guest network differently than your family network.

A screenshot of a router admin panel showing the Wi-Fi settings and the network name currently set to "netgear29"

Once you’ve set the SSID name to something other than the default, the next step is to change the password. We recommend setting up different passwords for your home network and your guest network. You'll want to make sure the password for both networks is completely different from your router administration login credentials.

A screenshot of a router admin panel showing guest access settings for a 2.4 GHz and 5 GHz network.

3. Update your router firmware

All technology devices run on firmware, no matter how small or large. From time to time, devices have code issues. Manufacturers fix these issues through firmware updates.

After setting up your router security, including an updated password and SSID, we recommend you update the device’s firmware in case the manufacturer added additional security capabilities that will benefit you.

How to prevent your router from getting hacked

Internet access in the home is an important utility to maintain. These are several steps you can take to help prevent your device from being taken over by hackers.

Use a robust and complex password

Passwords should be complex. For example, your home password could be specific to your family, such as a favorite vacation spot. You could also add your child’s birth year on the front of the password: 1976Portugal. Lastly, we highly recommend adding special characters, including %$!.

Now, your home internet Wi-Fi access password could be 1976Portugal!.

More example passwords:

  • For family Wi-Fi access:1976Portugal!
  • For guest Wi-Fi access: %Pizza2020
  • For router admin access: [email protected]@

Notice that all three have different password characteristics. We recommend you choose separate passwords per connection type in case one is compromised. If that happens, the other networks will be safe.

Reboot your router regularly

By rebooting the router, you kick everyone off the device, including family members playing video games, your spouse chatting for hours with friends, and your brother-in-law watching ESPN 24 hours a day on his phone.

Rebooting also kicks off any unwanted connections, including your cheap neighbor who borrows your internet connection to host their podcast. Recommend to leave the device off for one minute to clear all cached connections.

Turn on automatic software updates

To keep your router current with the latest firmware, we recommend you set it to receive automatic updates from the router manufacturers.

A screenshot of a router admin panel showing firmware update options with the checkbox for automatic updates selected.

For example, your Cisco Linksys device could receive firmware updates at any time. The automated firmware update is typically non-intrusive to the device and the active connections.

If you’re unsure if your device has the most updated firmware, log in and compare your device's version number with the latest firmware version shown on your router’s support website. 

Turn off remote access

Having remote access to a home router is only opening a door for a hacker to take over the device. 

All internet routers are set up to allow access within your home to surf the internet. The router translates your computer address to a public address. This translation only works when you are connected from inside your network to external websites such as ESPN and Netflix. 

Blocking external connections coming from everywhere on the internet — including outside your home — is your router’s job. Disable all controls that allow for external connections into your private home network.

All configuration changes performed on the router should be done on the device management interface and only while it’s accessible from within your private internet network.

No remote administration of your home router should be enabled.

Shut off OpenVPN access

Another critical step in blocking remote access is to disable OpenVPN access. Only someone on your local area network should access the administration console by disabling this feature.

A screenshot of a router admin panel showing OpenVPN server settings.

There is an exception to this rule: If you need to gain remote access from an external location back into your home network, then you can enable the OpenVPN server to accomplish this task.

To use the VPN feature, you should enable the OpenVPN server on your router and install and run VPN client software on the remote device.

Disable WPS on your router

Wi-Fi Protected Setup (WPS) is a known feature on Wi-Fi routers to make the initial setup and access easier. However, But WPS is also risky to leave open for hackers to connect.

Many routers have a button on the back of the device which makes it easy to disable.

Don’t use the default Wi-Fi SSID

You’d be surprised how many people set up their home internet router and simply click through the configuration, accepting all default settings. Then, once their router connects to the internet, the SSID is in plain sight, which makes it easy for someone to look up the default password. Your neighbor will thank you for the excellent high-speed internet access.

If you want to see how many open SSIDs exist in your neighborhood, simply open your Wi-Fi settings.

A screenshot of nearby Wi-Fi networks, including some with no lock icons and therefore no passwords.

Plus, notice how many of these Wi-Fi networks have no lock icon, which means they have open access with no passwords. This is why we recommend you change your SSID to something other than the default and update your password too.

Rename all default administration accounts

Many home internet routers come with a default name. Many people skip through their setup and forget to change their username and password.

Before the device goes active, we recommend changing the administration name and password to something unique that only you can remember. (And don’t use the same username and password for your Wi-Fi login.)

Use security software

Although enabling the proper security controls for your home internet router, protecting your family and their devices doesn’t stop there. Loading antivirus and anti-malware software on all home devices is an excellent next step.

Even with secured home internet routers, malware, phishing emails, and ransomware could make it through the device. Having layers of security helps minimize the chances malware could spread from one home device to another. Also, encourage your fellow housemates to also use strong passwords on their devices  and know how to spot phishing scams.

Enable your router's firewall

Most routers come with a firewall already built in. All you need to do is make sure it's enabled in your router admin settings. 

But keep in mind that a router firewall can't protect you against all vulnerabilities like phishing scams or social engineering attacks. So it's a good idea to avoid clicking suspicious links or giving out your Wi-Fi login info to someone you don't know.

Router security FAQs


+

Does resetting your router get rid of hackers?

The resetting of your router will disconnect everyone from the device, including home users and hackers. Leaving the device off for one minute will remove all cached connections. However, this doesn’t get rid of the hacker.

Remember, the hacker can use the same method they previously used to attack your device, including accessing your router through default administration accounts, remote access, and other security flaws.

After you reset your router, go into the admin console and update all security settings to help stop the hacker from re-hijacking your device, including changing the administration password.


+

Should I use the guest network function?

We recommend that, during your home internet device setup, you establish two completely separate networks for guests and family.

Having friends and family over for dinner is always a wonderful and festive event. And, of course, they all want to jump on your internet and surf. However, you probably have no idea where their device has been. And, chances are, they probably don’t have the same layers of security you do. This is the value of having that guest network separate from the home users.

For home users, we recommend that you use the following networks if available on your device:

  • Home network: 5 GHz
  • Guest network: 2.4 GHz

Dual-band routers provide two independent and dedicated networks, 2.4 GHz and 5 GHz, which allows for flexibility and bandwidth management. If your device only supports 2.4 GHz, you can still safely use the guest network as long as it uses a different password than your home Wi-Fi network.

If you don’t have a dual-band router, there are plenty of budget-friendly options on Amazon.


+

What happens if your Wi-Fi is hacked?

If your Wi-Fi is hacked, you may not know for some time unless the hacker redirects your connections or your favorite music begins to sound choppy. Logging into your router and checking your network map will help you see whether you have rogue devices on your network using up your bandwidth.

Bottom line

How do you know if your home internet device has been hacked? Slow applications, music, and video are the first signs of trouble. 

An abundance of unauthorized devices showing up on your network map is another clear sign of your device being hacked. If your gaming consoles begin to reboot often, that could also mean a hacker is performing suspicious activities, including installing rootkits and Trojan horses.

If you think your router is hacked, we recommend the following steps:

  1. Log in to your router and check the network map and bandwidth. Look for any rogue devices.
  2. If you can’t log in to the admin console, power down your router and leave it off for one minute.
  3. Power up the device and reset it to factory default.
  4. Reconfigure the router from scratch. Remove all default settings, admin accounts, passwords, and SSIDs.
  5. Create unique passwords for the administration, home Wi-Fi network, and guest networks.
  6. Ensure all home devices have antivirus and anti-malware software loaded.
  7. Disable OpenVPN to block outside access to the device.

Keeping your family safe from hackers is extremely important. With the rise of internet extortions, social engineering, and ransomware, enabling the security controls on your router is a powerful deterrent to stop hackers from controlling your device.

Author Details
John Gormally
John Gormally is a seasoned global cybersecurity expert, freelance writer, and blogger. With a mix of 25 years in technology sales, marketing, and content creating, John enjoys sharing his experiences with the business community through his various writing projects.