Before you touch anything even remotely advanced, start with a few basics that are always worth doing. Whether you just bought a new router or have one you haven’t fiddled with before, check these out.

Start with the router admin login, because that’s the one people forget exists. Your Wi-Fi password controls who can join your network (and it’s still worth changing), but the admin password controls who can make any changes to it. If an attacker somehow makes it into your router’s admin panel, they can mess with important things like DNS settings, open ports, and security settings.

To change your router’s password, as well as any router-related settings, open a browser on a device connected to your home network. Then, you need to find the router settings page (which is often just 192.168.0.1, 192.168.1.1, or 10.0.0.1; otherwise, check the label on your router). Sign in with your current admin credentials, then navigate the menu to change the admin password or router login. While you’re in there, turn off remote management unless you truly use it.

Next, update the firmware. This will, again, have you checking the label on the actual device and then finding them online. Some routers have automatic updates.

• Turn off the easy security features you don’t need

Using the same login method described above, you can now go and disable a few settings that could make your connection more secure.

The first such setting is WPS (Wi-Fi Protected Setup). It’s designed for convenience, as it lets you join the Wi-Fi network without having to type in the full password; all you need is a PIN. However, this is an unnecessary way to weaken the security of your connection, so it’s best turned off.

UPnP (Universal Plug and Play) is another setting to disable. It often comes enabled by default. UPnP lets devices on your network automatically ask the router to open ports for them, which is convenient, but also means less oversight over your network. However, if you game online and run into matchmaking issues, leave UPnP on; you might need to set up port forwarding instead. On the other hand, if you have a NAS and are planning to expose it to the internet, this is definitely one of the first settings you should be disabling.

Now, a setting that may have different names depending on your exact router: Remote management. Look for things like “Remote administration,” “web access from WAN,” etc. This lets you access your router’s admin panel from outside the home, and is something most people never use.

If you’re not hosting anything, such as a game server or a remote access tool, check your port forwarding/triggering list and remove any rules you don’t recognize or no longer need. Forwarding creates a direct path from the internet to a device inside your home, and if that device has a vulnerability, your entire network could be exposed.

Lastly, take a look at some router services and easy sharing features that you may or may not be using. If you don’t need them, turn them off. This includes USB file sharing (SMB/FTP), built-in media servers (DLNA), download managers, and personal cloud features. These features don’t just give hackers another way into your network, but they also may hurt performance. Router CPUs aren’t exactly powerhouses, so less is more.

• Take a look at your Wi-Fi settings

Time to move on to Wi-Fi settings. Start with checking your Wi-Fi security mode, and if your devices support it, set your network to WPA3 Personal or WPA2 Personal with AES, as per CISA recommendations. Avoid legacy options like WEP, WPA, or anything that mentions TKIP, and steer clear of open networks.

Next, change your SSID, or in other words, your Wi-Fi name, and change your password too.

Finally, something for Wi-Fi performance. If your router has separate 2.4GHz and 5GHz options, consider splitting them into two network names if devices keep connecting to the slower band; that way, you can choose some devices to prioritize over others.

You can also check channel width, because wider is not always better in busy areas, so leaving 2.4GHz at 20MHz might help if your connection isn’t stable.

• Stop “smart” features from slowing your connection

Many routers come with lots of extra features, but chances are that you don’t need many of them. If they’re enabled by default, they could be reducing speeds or adding latency, especially on cheaper routers that don’t have the latest hardware at their disposal.

If you’re not happy with your connection (and you’re sure it’s not the ISP, as was the case for me), look into disabling the following:

• QoS and bandwidth controls. QoS tries to prioritize certain traffic, but when misconfigured, it can seriously mess with your speeds and cap them far below what you’re paying for.
• Router-based antivirus, content filtering, ad blocking, and deep packet inspection: All of these can be good, but they can seriously slow down your router.
• Always-on analytics (if you don’t use them) can go, too, such as traffic monitoring or regular speed tests.