Use a reputable, paid-for VPN. This can help protect sites you visit from logging your real IP, reduce the amount of data your ISP can collect, and increase protection on public WiFi.

After getting a new router, change the password. Default router passwords are publicly available, meaning anyone within proximity would be able to connect.

There are different authentication protocols for connecting to WiFi. Currently, the most secure options are WPA2 and WPA3 (on newer routers).

Manufacturers release firmware updates that fix security vulnerabilities, implement new standards, and sometimes add features or improve the performance of your router.

If you configure your VPN on your router, firewall, or home server, then traffic from all devices will be encrypted and routed through it, without needing individual VPN apps.

When using a VPN, it is extremely important to exclusively use the DNS server of your VPN provider or secure service.

OpenVPN and WireGuard are open source, lightweight, and secure tunneling protocols. Avoid using PPTP or SSTP.

Use DNS-over-HTTPS which performs DNS resolution via the HTTPS protocol, encrypting data between you and your DNS resolver.

Typically they’re manufactured cheaply in bulk in China, with insecure propriety firmware that doesn't receive regular security updates.

You can whitelist MAC addresses in your router settings, disallowing any unknown devices to immediately connect to your network, even if they know your credentials.

It is possible for a malicious script in your web browser to exploit a cross-site scripting vulnerability, accessing known-vulnerable routers at their local IP address and tampering with them.

You should update your network name, choosing an SSID that does not identify you, include your flat number/address, and does not specify the device brand/model.

WiFi SSIDs are scanned, logged, and then published on various websites, which is a serious privacy concern for some.

Your router's Service Set Identifier is simply the network name. If it is not visible, it may receive less abuse.

Wi-Fi Protected Setup provides an easier method to connect, without entering a long WiFi password, but WPS introduces a series of major security issues.

Universal Plug and Play allows applications to automatically forward a port on your router, but it has a long history of serious security issues.

Do not grant access to your primary WiFi network to visitors, as it enables them to interact with other devices on the network.

Modifying your router admin panel's default IP address will make it more difficult for malicious scripts targeting local IP addresses.

Services like Telnet and SSH that provide command-line access to devices should never be exposed to the internet and should also be disabled on the local network unless they're actually needed.

Close any open ports on your router that are not needed. Open ports provide an easy entrance for hackers.

When protocols such as PING, Telnet, SSH, UPnP, and HNAP etc are enabled, they allow your router to be probed from anywhere in the world.

You should treat your router's admin panel with the utmost care, as considerable damage can be caused if an attacker is able to gain access.

It's common to want to pump your router's range to the max, but if you reside in a smaller flat, your attack surface is increased when your WiFi network can be picked up across the street.

VPNs have their weaknesses. For increased security, route all your internet traffic through the [Tor](https://awesome-privacy.xyz/networking/mix-networks/tor) network.

Connecting to even a secure WiFi network increases your attack surface. Disabling your home WiFi and connect each device via Ethernet.