Home Wi-Fi Setup Reference

28 Sep, 2025

This is a reference for myself when setting up home Wi-Fi.

Security Improvements

Disable WPS

WPS (Wi-Fi Protected Setup) is convenient but insecure — attackers can brute-force it. Disabling WPS is one of the simplest and strongest security upgrades.

Disable UPnP

UPnP automatically opens ports for devices and apps, which is risky. Disabling it improves security, though you may need to set manual port forwarding for gaming or video calls.

Update SSID & Password

• Use a strong, unique passphrase (12+ random characters, or a long passphrase).
• Avoid personal information in your SSID (no names, addresses, or ISP defaults).
• Use WPA2-AES at minimum, or WPA3 if supported.

Disable DLNA/Twonky

Media-sharing services like DLNA are rarely used today and can expose users to unnecessary risks. Turn them off unless you actively use them.

Disable Samba / File Sharing

Some routers support file sharing via the Samba protocol. These implementations are often outdated and prone to vulnerabilities. If you’re not using it, disable it.

Disable Hard Drive & Printer Sharing

Sharing drives and printers through your router exposes services you may not need. Disable unless essential.

Network Performance and Reliability

Use Reliable DNS

Improves reliability/speed depending on your ISP.

• Cloudflare (1.1.1.2): Fast, privacy-focused, with malware blocking.
• Google DNS (8.8.8.8): Stable, widely supported, but no filtering. The benefit depends on your location and the quality of your ISP's DNS.

Use WiFiAnalyzer (Android) to Optimise Channels

Especially useful in apartments with overlapping Wi-Fi. Manually setting channels can greatly improve speed and stability.

Split up 2.4G and 5G if Needed

Recommended if devices have trouble connecting.

• 2.4 GHz: Longer range, more interference, slower speeds - good for IoT devices
• 5 GHz: Faster, less interference, shorter range Having separate SSIDs lets you manually choose, which helps with smart devices.

Bonus: Privacy & Control

Use NextDNS or Pi-hole (Optional)

• NextDNS: Easy-to-set cloud DNS filtering (ads, trackers, malware).
• Pi-hole: Local network-level ad-blocking and tracking protection. Both add an extra layer of privacy and security.

Keep Router Firmware Updated

Enable auto-updates if supported, or consider OpenWrt/DD-WRT for advanced users.

Use a Guest Network

For visitors and IoT devices, with client isolation enabled. Keep your main devices separate from potentially insecure ones.

Disable Remote Administration

Unless you explicitly need it, turn this off to prevent outside access.

Quick Checklist

1. Disable WPS, UPnP, and unused sharing (DLNA, Samba, drives, printers).
2. Update SSID & password, use WPA2/WPA3.
3. Keep router firmware updated.
4. Optimise channels with WiFiAnalyzer.
5. Split 2.4G/5G if needed.
6. Set DNS (Cloudflare or Google).
7. Use guest network for IoT/visitors.
8. Disable remote admin.
9. (Optional) Add NextDNS/Pi-hole for filtering.