How to secure your WiFi

The best solution is to get rid of your WiFi.

But if you don’t want to, there’s still stuff you can do.

  1. Get a managed switch with VLAN support.
  2. Get an AP, one without WPS support.
  3. Put the AP on its own VLAN.
  4. Make sure the router’s firewall doesn’t allow traffic from the WiFi to the wired network. You might want to allow some stuff, but if you allow anything and they hack it, they can use it as a proxy to get on your wired network. You may need a new router.
  5. Use a long random password, and change it every day. Hopefully you only have your phone on your WiFi, and it supports copy and paste.
  6. Don’t use WEP, use WPA and AES.
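
Step 5 as a script, added here as an example (it is not from the original post): it generates a passphrase that fits the WPA-Personal limits of 8 to 63 printable ASCII characters, using the OS random source. The function names, the letters-and-digits alphabet and the 128-bit minimum are assumptions chosen for this example.

```python
import math
import secrets
import string

# WPA/WPA2-Personal passphrases must be 8 to 63 printable ASCII characters.
WPA_MIN, WPA_MAX = 8, 63

# Assumption: letters and digits only, so the value pastes cleanly on a
# phone and needs no quoting in an admin page or a shell.
ALPHABET = string.ascii_letters + string.digits


def entropy_bits(length, alphabet=ALPHABET):
    """Bits of entropy of a uniformly random string over `alphabet`."""
    return length * math.log2(len(set(alphabet)))


def is_valid_wpa_passphrase(passphrase):
    """True if the string fits the WPA-Personal passphrase format."""
    return (WPA_MIN <= len(passphrase) <= WPA_MAX
            and all(32 <= ord(ch) <= 126 for ch in passphrase))


def new_passphrase(length=WPA_MAX, previous=None, min_bits=128):
    """Return a fresh random passphrase of `length` characters.

    Refuses lengths outside the WPA limits and lengths that are legal
    but too short to reach `min_bits` (8 characters here is ~48 bits).
    `previous` is yesterday's value, so a rotation never repeats it.
    """
    if not WPA_MIN <= length <= WPA_MAX:
        raise ValueError(f"length must be {WPA_MIN}..{WPA_MAX}")
    if entropy_bits(length) < min_bits:
        raise ValueError(f"{length} characters is under {min_bits} bits")
    while True:
        # secrets.choice draws from the OS CSPRNG without modulo bias.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if candidate != previous:
            return candidate


if __name__ == "__main__":
    today = new_passphrase()
    print(today)
    print(f"{entropy_bits(len(today)):.0f} bits")
```

With this alphabet, 22 characters is the shortest length that clears 128 bits; the default of 63 uses the full space WPA allows.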

The Ubiquiti Networks UniFi AP doesn’t do WPS, at least not the one I have.

The Ubiquiti Edgerouter X is a good wired router; it has a firewall that you can add rules to. If you need 1000 Mbps up and down at the same time, you’ll need a more expensive Edgerouter. It’ll do 1000 Mbps total, good enough for a shitty Comcast connection. The cheapest price for that router is at Micro Center and maybe Adorama Camera. You can buy from Adorama Camera on Amazon; the fulfilled listing is a jacked-up price.

If you insist on one device for the WiFi and router, then use the AmpliFi. Don’t bother buying a switch in that case, it won’t do you any good. The WPS might be properly implemented on the AmpliFi; it was better when it didn’t support it.

I use a Zyxel switch; any with VLAN will do. I should upgrade to a PoE one, then the AP can be powered directly from the switch, assuming the ethernet cable girth length doesn’t matter. Too cheap, and too lazy & stupid to set up a new one. I like buying more than one brand, that’s why the switch isn’t Ubiquiti too. I only trust Ubiquiti for the router. Only know of one other brand that might work, it starts with an M. The easiest way to set up an Edgerouter is to use the wizard, then modify it. Unless you are smart, then you can manually set it up.

Can I change the WiFi password by SSH? I use the controller most of the time. If you can, you can make a script to change the password every second. You won’t be connecting, and neither will anybody else.

You can fully disable WPS on some routers, like TP-LINK, which you can use as an AP. You can check with an Android phone; no app exists for iOS to do so. I’d have to use a computer to check. There’s a system parameters link in admin on some TP-LINK routers; you have to disable WPS in there. Going to WPS and disabling the PIN does nothing.

The NETGEAR I had, you can’t fully disable WPS on it. Pretty sure that router is dead, by whoever was abusing it. I won’t ever buy NETGEAR again; they implement a shitty WPS, and don’t let you disable it.