An intruder on your WiFi network is not just someone stealing your bandwidth. Depending on their knowledge, they can see which sites you visit, intercept unencrypted traffic, access connected devices in your home network — printers, cameras, shared hard drives — or use your connection for illegal activities that would be recorded in your name. It's not an apocalyptic scenario: it's a real and concrete risk.
The good news is that detecting intruders and closing access is easier than it seems, and you can do it without advanced technical knowledge.
Signs that there might be an intruder on your network
Before you start checking the router, there are behavioral signs that can alert you:
- Internet speed drops for no apparent reason, especially during hours when it normally works well. If your fiber is slow at 11 am on a working Tuesday, something is consuming bandwidth.
- Monthly data consumption is higher than expected. If your operator notifies you that you've consumed much more than usual without changing your habits, it deserves investigation.
- The router's activity light blinks constantly even when all your devices are off or in sleep mode. Disconnect all devices you know and observe if the router still shows activity.
- Unknown devices appear on your network when you check the router's list (we'll see this below).
How to see all devices connected to your router
Method 1: From the router panel
Open a browser and enter your router's IP address. In most Spanish home routers, it is 192.168.1.1 or 192.168.0.1. If you don't know yours, in Windows you can see it by opening the command prompt and running ipconfig: the "Default Gateway" is the router's IP.
Once inside (username and password are usually on the router sticker, or are "admin/admin" if you've never changed them), look for a section called "Connected Devices", "DHCP", "Network Map" or similar. You'll see a list with each device's name, its MAC address, and its assigned IP.
Go through the list and identify each device: your mobile, laptop, tablet, smart TV, console, robot vacuum, WiFi light bulbs if you have them... If you see any device you don't recognize, it's a warning sign.
Method 2: Fing app (easier and more visual)
Fing is a free app available for iOS and Android that scans your WiFi network and shows all connected devices with their manufacturer, MAC address, and device name when available. It is much more visual than the router panel and detects devices that the router sometimes doesn't list correctly. It's the tool I use when I need a quick diagnostic of a home network.
If you find an unknown device, note its MAC address (format like AA:BB:CC:DD:EE:FF). You can use it to specifically block it from the router, although the most effective thing is to change the WiFi password directly.
5 steps to secure your router right now
Step 1: Change the WiFi password
It's the most effective and direct action. By changing the password, all connected devices — including the intruder — are immediately disconnected. You'll need to reconnect your own devices with the new password. Choose a password of at least 12 characters, combining uppercase, lowercase letters, numbers, and some symbol. No birth dates or proper names.
Step 2: Use WPA3 or at least WPA2
The encryption protocol your WiFi uses determines how hard it is for someone outside to crack your password even if they intercept it. WEP is completely broken and can be cracked in minutes with free tools. WPA1 is also not secure. The minimum acceptable today is WPA2-AES. If your router is relatively modern (post-2020), it likely supports WPA3, which is significantly more robust.
To check and change it, go to the router panel, look for the WiFi settings section and locate the "Security" or "Encryption" field. Select WPA3 if available, or WPA2-AES if not.
Step 3: Disable WPS
WPS (WiFi Protected Setup) is a function designed to connect devices to the router by pressing a physical button or entering an 8-digit PIN. The problem is that this 8-digit PIN has a known vulnerability that allows it to be brute-forced in a matter of hours. Most attacks on home networks exploit WPS.
Disable it from the router panel by looking for the "WPS" section and changing the status to "Disabled". The convenience of connecting devices without a password doesn't compensate for the security risk.
Step 4: Create a guest network for your IoT devices
Most modern routers allow you to create a secondary WiFi network or "guest network". This network has internet access but is isolated from your main network: devices connected to it cannot communicate with devices on your main network.
Use it to connect all your home automation devices: light bulbs, smart plugs, robot vacuums, WiFi cameras. These devices are notoriously less secure than computers or mobiles and can be attack vectors if someone compromises them. By isolating them in a separate network, even if someone enters through them, they won't be able to reach your computer or NAS.
Step 5: Update the router firmware
The firmware is the router's operating system. Manufacturers publish updates that fix known security vulnerabilities. A router with three-year-old firmware may have security flaws that already have a solution but you haven't applied.
From the router panel, look for the "Firmware Update" or "Software" section. Some routers do it automatically; others require downloading it manually from the manufacturer's website. If your router is more than 5-6 years old and the manufacturer no longer publishes updates for it, consider replacing it.
What to do if you suspect data has been stolen?
If the intruder was in your network for a while or if you have indications that they intercepted traffic, the priority actions are:
- Change the passwords of your most important accounts (email, online banking, social networks) from a device on a different secure network, like mobile data.
- Activate two-factor authentication on all accounts that allow it. Even if someone has your password, they won't be able to access without the second factor.
- Check recent access to your email and banking accounts. Most show session history with IP and location.
- If you use banking services from home regularly, notify your bank so they can check if there have been suspicious access attempts.
When to call a technician
Most of what we've seen in this article can be done by anyone with a little patience. But there are situations where it makes sense to ask for professional help:
- If after changing the password and securing the router you still detect suspicious activity: the problem might be deeper, like a compromised device within your own network.
- If you have a business network with multiple computers, servers, or sensitive client data: home measures are not enough.
- If you suspect someone has had access to banking or personal data for a prolonged period: a professional review can identify how far the access went.
Quick summary for immediate action: access the router (192.168.1.1), check connected devices, change the WiFi password to a strong one, disable WPS and activate WPA2 or WPA3. With that, you solve 95% of home intruder cases.