Cybersecurity 
The European Union (EU) is redefining its digital landscape with sovereignty, security and trust at the core. In the 2025 EU State of the Union, Commission
8 min read
Published on August 14, 2023
Updated on September 10, 2025.
Your router is the foundation of your internet, keeping everything from your laptop to your smart TV connected. If someone hacks your router, they could gain access to your personal information, slow down your home network or even spy on your online activity. You can tell if someone hacked your router if you notice unfamiliar devices connected to your network, sudden slow internet speeds or router settings being changed without your permission.
Continue reading to learn how a router can be hacked, the most common warning signs of a hacked router and what you can do to protect your network.
How can a router be hacked?
Hackers don’t need to physically be in your home to hack into your router; in most cases, they do it remotely by exploiting common security gaps. Here are two ways a router can be hacked:
- Weak admin password: A hacker can get into your router through the admin settings, including where you control your WiFi name, password and security options. If you’re still using the default admin password or a weak password, a hacker can easily guess your router’s password and compromise it.
- Software vulnerabilities: Just like your phone or computer, your router runs on software — called firmware — that needs to be updated regularly. These updates fix bugs and patch security gaps that hackers can exploit. If your router’s firmware is outdated, it may have known vulnerabilities that hackers can use to gain access. Since people rarely check for router updates, their networks can remain exposed, thereby increasing the risk of malware infections.
Common signs of a hacked router
A hacked router isn’t always easy to recognize, but changes in your internet behavior can be an early warning sign. Here are eight red flags that could mean your router has been hacked.
1. Slow or unstable internet speed
If your internet suddenly feels slower than usual and there’s no obvious reason (like too many devices streaming at once or bad weather), this could be a sign that someone else is using your network. Having slow or unstable internet could mean that your router has been hijacked and is being used for malicious purposes.
2. You can’t log in to your router’s admin settings
If you’re locked out of your router’s admin panel but know you’re entering the correct password, someone else may have hacked into your router and changed your login credentials. When accessing your router, a hacker will often visit the admin settings first to change your login credentials, locking you out so you can’t undo the changes already made.
3. Your browser keeps redirecting
If you’re taken to unexpected websites when you try to visit familiar pages, this could mean a hacker is redirecting you. Hackers can change your router’s Domain Name System (DNS) settings to redirect your traffic to fake, or spoofed, versions of real websites. If you click something on the spoofed website, you risk having your device infected with malware. Depending on the type of malware installed, a hacker can spy on you through your camera and microphone or even track your keystrokes to steal your personal information.
4. Suspicious activity alerts from your ISP
Some Internet Service Providers (ISPs) send alerts when they detect increased or unusual traffic coming from your network, such as spam emails or malware. If you receive one of these warnings, don’t ignore it — check that it’s legitimate first. To do this, call your ISP using the phone number listed on their official website to verify that they contacted you about suspicious activity on your network.
5. Increased pop-ups or ads on your devices
If your devices start showing more pop-ups than normal, especially when you aren’t browsing the internet, this could be a sign of malvertising. Even though pop-up advertisements can be a normal part of being online, be cautious if you notice an unusual number of them. A sudden increase in pop-ups could be due to your router being hacked.
6. Session hijacking
If you notice you’re logged out of websites without logging out yourself or see notifications that your online accounts were accessed from unfamiliar devices, these can be signs of session hijacking. This occurs when hackers intercept your session ID through a compromised network. Once a hacker steals your session ID, they can impersonate you online and access your accounts, steal personal information or even sell your data on the dark web.
7. Software or apps you didn’t download
If you start noticing unfamiliar software or apps installed on your devices, a hacker may have compromised your router and authorized downloads through the network. Many of the programs hackers install contain malware, so it’s important not to interact with them and to delete them immediately if you notice them.
8. Fake antivirus warnings
If you receive pop-ups claiming your system is infected and urging you to download a security tool, these are likely fake alerts triggered by DNS hijacking or malware infections. Your router is most likely hacked if you receive these types of alerts, so be careful not to download any third-party security tools, especially if you notice other signs of your router being hacked.
What to do if your router has been hacked
If you think your WiFi has been hacked, act quickly and follow these steps to secure your network and devices:
- Disconnect your router immediately: Unplug your router or disconnect it from the internet to stop any active cyber attacks. This stops hackers from accessing your devices to conduct malicious activities. If you have a wired router, just unplug the Ethernet cable; if you have a wireless router, power it off or disable the internet connection.
- Factory reset your router: Resetting your router restores it to factory settings, removing any malicious code or configuration changes. To do this, locate your router’s power button, then press and hold the small reset button nearby until a light flashes (typically 10-20 seconds).
- Change your router’s admin password: After resetting your router, log in to the admin panel and create a strong, unique password. Avoid using common passwords like “password” or “123456,” as these are easy for hackers to guess. For extra assistance, use a password manager like Keeper® to generate and store your passwords securely.
- Update your router’s firmware: Check the manufacturer’s official website or your router’s admin panel for any available firmware updates. Keeping your firmware up to date patches security vulnerabilities that hackers often exploit to gain unauthorized access to personal information.
- Change all your passwords: Update not only your router password but also passwords for sensitive online accounts, especially if you reuse passwords. Prioritize changing the passwords for your email, banking and social media accounts first.
- Install antivirus software and run an antivirus scan: Install antivirus software on every device connected to your WiFi, and run a scan on each of them. Hackers may have installed malware on your devices to steal data or maintain access even after you reset your router.
How to protect your router from getting hacked
Once your router is secure, it’s important to keep it safe from getting hacked in the future. Here are several best practices to help you protect your network from future cyber threats and keep your devices safe.
Secure your router with a strong admin password
Many hackers will try to access your router with the default username and password that comes with most routers. This is why it’s essential to change the default login credentials as soon as you set up your router. Use a strong, unique password of at least 16 characters that contains uppercase and lowercase letters, numbers and symbols. Avoid using personal information within your password, like your name, birthday or home address. For the strongest and most random passwords, use a password generator to create secure password options for your router.
Keep your router’s software up to date
Running outdated firmware leaves your router vulnerable to known security gaps that hackers can exploit. That’s why routers need regular software updates: to fix bugs and patch security vulnerabilities. Check for firmware updates frequently through your router’s admin panel. If your router supports automatic updates, enable this feature so you don’t have to worry about checking it manually or forgetting to update your router entirely.
Disable remote access
Although remote access lets you access your router’s settings from anywhere, it is also convenient for hackers if not properly secured. It’s best to disable remote access unless you absolutely need it. If you do use remote access, make sure it’s secured with a strong password and Two-Factor Authentication (2FA), if possible.
Create a unique network name
Many people leave their network name, or Service Set Identifier (SSID), as the default option. Choose a unique SSID that doesn’t include any of your personal information, such as your pet’s name or child’s birthday. Avoid using names like “NETGEAR” or “Linksys1”, which can lead hackers to know which security vulnerabilities they can exploit that are specific to your router’s brand or model.
Invest in a router that supports WPA3 or WPA2
WiFi Protected Access 3 (WPA3) is the most up-to-date wireless encryption protocol for networks. If your router only supports WPA2, consider upgrading your router to a newer model that includes WPA3. It’s important to have a router that supports WPA3 because it offers the strongest protection against brute force attacks and better data protection. WPA3 also generally comes with newer firmware and more modern features that keep your devices safer immediately.
Protect your router from getting hacked
Keeping your router safe should be a top priority, considering how essential it is as part of your home internet. By knowing how to spot the signs of a hacked router and responding quickly if you suspect your router has been hacked, you can reduce the damage and maintain control over your home network. Prevent future cyber attacks by using strong admin passwords, disabling remote access and upgrading your routers to support WPA3.
Frequently asked questions
Can someone hack my router remotely?
Yes, someone can hack your router remotely, especially if it has a default admin password or outdated firmware. Hackers can exploit these security vulnerabilities to gain access, change your router’s settings and monitor your network traffic. To reduce the risk of remote hacking, use a strong admin password, keep your router’s software up to date and disable unnecessary remote access.
Does resetting your router stop hackers?
Resetting your router can stop hackers by removing any malicious software they’ve installed, but it’s only effective if you take additional steps. Once you’ve reset your router to factory settings, you must also update your router’s firmware, change all your passwords and secure your network. Without these steps, hackers can regain access through the same vulnerabilities that they initially exploited.
Can you tell if someone is on your router?
Yes, you can typically tell if someone is on your router by checking which devices are connected in your router’s admin settings. If you notice unfamiliar devices or more connections than usual, this could mean someone is using your network without your permission. Other ways to tell if someone is on your router include slower internet speeds, suspicious activity alerts or unauthorized changes to your router’s settings.
