Since the router is the guardian of your network, you’d think that router manufacturers would ship them with default options configured for security. However, several of the stock options on your router can open you up to security threats, requiring you to adjust them.
One option that’s easy to overlook is remote management of the router. This allows you (or anyone with your credentials) to manage your router from outside your network. While convenient, it opens a new attack surface, so it’s safest to disable it.
Understanding router access
To manage your router the traditional way, you must log into its administration panel using a device on its network (via Wi-Fi or Ethernet). Because you access your router through its local IP address, devices outside your home network can’t see it.
However, most modern routers also offer the option to log in and manage them from any device on the internet. To do this, you enter your router’s public IP address, followed by the port, into the browser on any device. From there, you can log into your router with your credentials as you would at home.
This is nice to have, but unless you’re a home networking enthusiast, you don’t need it. The risks of opening your router login page to anyone on the internet outweigh the few times you’d use this.
Thankfully, it’s not difficult to disable remote access on your router.
First, log into your router
In case you’re not familiar with logging into your router, you’ll first need to know its IP address on your network.
To find this on Windows, press Win + R to open the Run box, type “cmd” to launch the Command Prompt, and enter the core networking command “ipconfig”. Under Ethernet adapter or Wireless LAN adapter (depending on your connection), your router’s IP is listed under Default Gateway.
To quickly find this on a Mac, hold the Option key while you click the Wi-Fi icon at the top-right of the menu bar. Under your current network, you’ll see the address next to Router.
Open your browser and type the router’s IP address into the address bar. Doing so opens your router’s management panel, where you’ll need to log in with its credentials. This is distinct from your Wi-Fi password.
If you haven’t changed the default username and password, you’ll find them written on the router itself, in the manual, or from a web search of your model and “default password”.
Using the default username and password is a huge security risk because anyone can look them up. Before you continue with the below steps, secure your router by setting a unique username and password.
Disabling router remote access
Once you’ve logged into your router, you’ll need to find the remote management option. Like all router settings, this differs in name and location depending on your router brand.
On my ASUS router, it’s located in the Administration option, which is under Advanced Settings on the left sidebar. Click the System tab at the top of the page, then scroll down to the Remote Access Config section. Here, set Enable Web Access from WAN to No, then Apply to save the change.
This will disable all management access to your router from the internet, including third-party features like Alexa and IFTTT.
Once you’ve done this, you’ll no longer be able to access your router from outside your network. While on this menu, you should also make sure you’ve disabled remote access through Telnet and SSH. These are command-line remote access tools that allow you to manage your router through a terminal, which aren’t useful unless you’re super techy.
On my ASUS router, these are located on the same page as remote access, under Service.
Enable restrictions if you need remote access
While you likely don’t make a habit of managing your router from outside the home, there’s one area where this might affect you: your router’s mobile app.
If you want to utilize useful router features like reviewing network traffic or rebooting your router while outside the home, the mobile app is an easy way to do this. Plus, if you don’t have any other smart devices at home, checking if your router is online via the app is a simple way to see if your home power is out.
In case you rely on this, a decent compromise is Enable Access Restrictions (as it’s called on my router). This lets you keep remote access enabled while limiting it to certain devices. Add your phone and any other devices you expect to access your router from here, and only they will be able to log into your network.
However, after my experience, you should be careful with this setting. While setting it up myself, I accidentally clicked Apply with only my iPad added as an approved device. After I did this, I couldn’t access the router management panel from my desktop until I logged in from my iPad and added my PC to the list.
Further, it doesn’t recognize my phone when it’s not on Wi-Fi. I connected to 5G and tried to check my router using the ASUS app, and it wouldn’t connect.
The placement of this option and the way it’s worded make it sound like you’re limiting access from outside your network. But at least on an ASUS router, the limits apply to all connections. Be careful you don’t lock yourself out entirely.
Alternatives to remote access exist
For simple home networks, you can do all your management while you’re on the network. Remote access opens too many security holes for a small amount of convenience.
If you need to access your computer while out, I recommend TeamViewer for unattended access. For those who need to manage their network on the go but also want to stay safe, the best option is setting up a VPN to connect to your home network from anywhere.
Doing so is beyond the scope of this guide, but if you’re interested, Tailscale is often recommended as a powerful free option. And if you’re not scared to get more techy, you can connect to your router from anywhere using a Cloudflare tunnel.
While you’re upgrading your router security, make sure your network isn’t vulnerable to other issues, either.
