New to VPNs? Start with what is a VPN, then run this checklist. Also do a quick VPN speed test and a DNS/IPv6 leak test.
Quick checklist
- Enable WPA3 (or WPA2-AES if WPA3 isn’t supported).
- Use a strong Wi-Fi password and a different strong router-admin password.
- Change SSID, avoid brand/model hints.
- Keep router firmware up to date (auto-updates if available).
- Disable WPS and legacy ciphers (WEP/TKIP).
- Turn on the router firewall; block remote admin from WAN.
- Segment your network: guests / IoT / your devices (separate SSIDs/VLANs).
- Use privacy-friendly DNS with DoH/DoT and malware filtering.
- On mobiles, enable auto-VPN on untrusted Wi-Fi.
- Disable legacy services (UPnP, Telnet). Open ports only if required.
- Enable 2FA on key accounts (email, banking, cloud).
- Audit connected devices regularly; remove unknown ones.
- Schedule Wi-Fi off at night for less exposure.
- Keep system firewalls and auto-updates on.
- Restrict app permissions (location, mic, photos) on phones.
- For remote work use modern protocols (WireGuard / IKEv2).
- Use a reputable VPN for sensitive tasks.
When a VPN matters most
- Public Wi-Fi (cafés, airports): encrypted tunnel prevents sniffing.
- Remote work & banking: stable tunnel and no DNS/IPv6 leaks.
- Smart-TV/streaming: handle geo-blocks within service rules.
See also: Wi-Fi security guide, VPN protocols, Geo-blocks & VPN.
Video
If the embed fails: open on YouTube.
Protect Wi-Fi with NordVPN Try Surfshark
FAQ
Does hiding the SSID improve security?
Only marginally. WPA3 and strong passwords are what really matter.
WPA2 or WPA3?
Prefer WPA3; if unsupported, use WPA2-AES (not TKIP).
Are ISP DNS servers fine?
Use privacy-friendly DNS with DoH/DoT and malware filtering; set it on the router.
