7 Signs of a Hacked Router and How to Fix It
See if you have a hacked router and learn how to safeguard your data and devices against future attacks.
Jun 28, 2023 | Share
How-To, Internet Speed Guides
Internet issues are just a way of life, like getting a flat tire or burning a turkey in the oven. Something problematic will always pop up while you still live and breathe—network troubles on your provider’s side, storms blowing down lines, the speed woes of a tired old router. Something.
But what if you suspect foul play? What if all your devices load the same website no matter what you type into the address bar? Or, even worse, you sit at your computer, utterly speechless, as a “ghost” seizes your mouse and opens your bank account? Not fun.
Those two scenarios alone are good signs of a hacked wireless router. But don’t worry: we’ll clue you in on how to recognize a hacked router, how to fix it, and how to make sure it never happens again.
Are you troubleshooting speed issues?
You may not have a hacked router but a slow internet plan. Enter your zip code below to find a faster plan in your area.
Signs that someone hacked your router
There are many signs of a possible router hack that can throw up a red flag. Some are general and could apply to other router-related issues. Others are a sure sign that someone else now controls your network.
Sign #1—You can’t log in to your router
First, let’s be clear that your inability to sign in to your router or gateway doesn’t always mean you’ve been hacked. There have been plenty of times when we returned to a router we previously tested, and it (rather rudely) denied us access to the settings. This is not an uncommon problem. It usually means you’re entering the wrong password, you misspelled the password, or something on the router side is corrupt. Case closed.
With that said, there’s also the slim possibility that someone hacked your router. Someone may have figured out the credentials, logged in, and changed the password to lock you out. After that, a hacker has free reign to change additional settings and make your life miserable.
But why did the attacker target you? Perhaps you clicked on a clever email or message link, and now the hacker has full control of your home network. Hackers also probe the internet for vulnerable routers they can use to create botnets, steal your bank login info, and so on. Welcome to the modern-day World Wide Web.
So, whether you’re hacked or just having password issues, the only remedy is to reset your router to its factory defaults.
Immediate action: Follow our instructions on how to reset your router.
Sign #2—All internet browsers lead to the same site
Browser hijacking is a sure sign that you have a hacked router or gateway.
In this case, a hacker logged in to your router and changed its Domain Name System (DNS) settings—the system that matches numeric IP addresses with alphanumeric ones you can easily remember, like google.com.
By doing so, the hacker can redirect all internet traffic through your router to a malicious DNS server. This server will lock you to specific websites that can steal your information and install malicious software on every internet-connected device you own.
Immediate action: Log in to your router and change the DNS settings and password. If you can’t log in, reset your router. You should also scan every device with antivirus software to make sure there’s nothing on your devices that’s hijacking your browser.
Sign #3—There’s strange software on more than one device
If you see new, unfamiliar software on more than one device—especially if you didn’t download it intentionally—there’s a good chance someone hacked your router and remotely installed malware onto your devices.
Strange, uninvited software includes browser toolbars, fake antivirus clients, and other programs that will generate random popups on your screen or within a browser.
If you have multiple computers, this uninvited software may be on all of them. Malware can replicate on a single device and spread across wired and wireless connections, similar to how a virus spreads from person to person.
Immediate action: Log in to your router and change the password. If you can’t log in, reset your router. Afterward, make sure your router has the latest firmware. Be sure to uninstall the strange software from your device(s) and run an antivirus client.
Sign #4—You receive a ransomware message
Ransomware messages are a good sign that you have a hacked router. These attackers can seize control of the router and demand money in return for its release. The message may appear in the form of an email, instant message, text, or a popup generated by uninvited software installed on your device.
Immediate action: Don’t pay a dime, and follow our instructions on how to reset your router. Be sure to create a unique password that hackers can’t guess.
Sign #5—You see unrecognized devices on your network
You can use the router’s web interface or a compatible mobile app to see a list of devices connected to your home or office network. For example, the Linksys Smart Wi-Fi interface provides a network map—just click on a device to see its assigned address.
When you look at the map, all local devices have a derivative of the router’s private IP address. If your router’s address is 192.168.1.1, for example, then all device addresses should start with the first three numbers (192.168.1).
However, a device remotely accessing your router won’t have an address that matches the first three numbers of your router’s private address.
Immediate action: Kick the unknown device(s) off your network and change the password. Disable remote access if you never use it.
Sign #6—You can’t control your device
If you sit in front of your computer and watch an uninvited, unseen guest move the mouse and access your banking information, you definitely have a hacked router.
In this scenario, the hacker has remote access to your device and can open any file or online account using the passwords you store in the operating system or browser.
Immediate action: Unplug your devices and disconnect your router from your modem. After that, follow our instructions on how to reset your router. Change your passwords, too.
Sign #7—Your internet speeds are slower than snails
Slow internet speeds aren’t uncommon. There may be issues with your provider, too many devices downloading at one time, and so on. But if you experience extremely slow speeds along with other symptoms on this list, chances are you have a hacked router.
Your speeds could be slow because the hacker seized your full bandwidth for the following:
- Botnet activity
- Distributing malware to other networks
- Remote connections to your devices
- Cryptojacking
- General internet piggybacking
Immediate action: First, use our tips on how to speed up your internet to see if the problem is just a connection issue. If you think that someone hacked your router, try to change the password. If you can’t, follow your instructions on how to reset your router.
How to fix a hacked router or gateway
You can easily and quickly fix a hacked router. There’s no need to throw it out the window and purchase a new one.
Step 1: Disconnect the router or gateway
If you have a standalone router, disconnect the Ethernet cord to avoid communicating with the modem. If you have a gateway, disconnect the internet connection instead.
In both cases, disconnect all other wired and wireless devices.
Step 2: Power cycle or reset your router or wireless gateway
In some router hacking cases, a simple power cycle (reboot) works as a quick fix. This method clears the memory of any malicious code and refreshes your public IP address. Just pull the plug, wait 30 seconds, and then plug the cord back into the outlet.
In other cases, you may need to reset your router to its factory settings if an infection persists or you can’t log in. A power cycle cannot remove severe infections like VPNFilter.
To factory reset your router, find its reset button—it’s either surface-mounted or recessed on the back. Press and hold the button—you’ll need a paperclip for a recessed button—for 10 seconds until your router’s LEDs indicate a reboot.
Step 3: Change the password
Once the router reboots, log in and change the password. You can use one of the best password managers to create one and retrieve it from your account when needed.
If you reset the router, be sure to use a strong password when prompted to set one during the setup. Do the same with your Wi-Fi network, too.
Actually, we suggest you create a passphrase instead of a password. It’s a long string of unrelated words filled with symbols and numbers. Make it something you can remember but isn’t easily guessed.
Immediate action: Read our guide on how to change your Wi-Fi network name and password.
Step 4: Update the firmware
Set your router to update its firmware automatically if it’s not already. And if your router doesn’t give you the option to update automatically, set yourself a reminder to check every month or so.
But carry out either method with caution, as faulty firmware can render your router useless. Check the manufacturer’s notes to make sure the latest firmware is stable. You shouldn’t have any issues with new firmware, but it doesn’t hurt to be cautious and proactive. Routers aren’t cheap.
Immediate action: Read our guide on how to update the firmware on routers from several popular brands.
How to prevent a router hack
Use the following suggestion to safeguard your devices and sensitive data against hackers.
Stay on top of firmware updates
Your router is a miniature computer with a processor, system memory, and storage that houses the operating system (firmware). Unfortunately, firmware is never bulletproof, as there can be bugs in the code and security holes. Attackers will utilize these unpatched flaws and access your router with ease.
Manufacturers distribute firmware updates regularly to squash these bugs and patch vulnerabilities. Generally, we suggest you enable automatic firmware updates if the feature isn’t toggled on already and you never manually install new firmware. Log in to your router and toggle on automatic updates if they are not already.
However, be aware that things can happen. Bad firmware uploaded to a manufacturer’s distribution server can brick your router. Malware-infected firmware distributed to a router can lock you out. Auto-updates are convenient, but there’s a rare chance the update can go awry and leave you with a $300 paperweight. For this reason, some manufacturers don’t support auto-updates.
Read our guide on how to update the firmware on routers from several popular brands.
Use a secure password
Most routers now ship with a unique passcode you enter when connecting to Wi-Fi for the first time. The setup process requires you to create the administration and Wi-Fi passwords before you can even use the router. Some require a cloud account prior to starting the setup process, like mesh networking systems.
Overall, never use an easily guessed password with your router or Wi-Fi network. These include names of pets, children, other family members, and anything that links to your interests. Believe it or not, the two most used passwords are still password and 123456. Like, really?
A hacker can use free online tools to carry out a brute-force attack—a trial-and-error method that continuously enters every possible password until one works. Hackers can also use a library attack, which uses words pulled from a dictionary. These attacks can quickly crack an easy eight-character alphanumeric password.
As we suggested earlier, use a passphrase instead of a password. It’s a string of unrelated words with symbols and numbers that’s harder to crack than any password you create.
Schedule routine reboots
A monthly reboot is good for the router, as it can clear the system memory and refresh all connections.
Additionally, your internet provider assigns a public IP address to your router. It usually refreshes every 14 days anyway (unless you pay for a permanent “static” address), but a reboot gives you an extra refresh if hackers obtained one of your previous addresses.
Disable remote access
Remote access is a feature for changing the router’s settings when you’re off the network, like from a hotel room. Most routers now have two methods, but the one you should be concerned about lies within the web interface. It’s an easy entry point for attackers, especially if you use a weak password.
Based on the routers we’ve tested, this feature is disabled by defalt in favor of cloud-based access through mobile apps. Still, you should check to see if it’s disabled, and if not, turn it off immediately. Only use this version of remote access if the app doesn’t have the settings you need to change off-network—and only do so sparingly.
Be sure to use strong passwords or passphrases when you set up a cloud account (and you don’t use the ones supplied by Android and Apple devices). Also, enable biometrics so you’re not manually entering login credentials out in public.
Disable WPS
Wi-Fi Protected Setup (WPS) has good intentions. It allows users to connect their devices to a wireless network without a password. Simply press the WPS button on the router, or enter an eight-digit PIN provided by the router.
But the convenience has a major drawback. Hackers can use a brute-force attack to figure out the PIN in 4 to 10 hours—they don’t need access to the physical button. You can easily disable WPS through the router’s backend and instead use our guide on how to share your Wi-Fi network’s password to any device.
If you have a Linksys router, for example, you can disable WPS by doing the following:
Step 1: Select Wi-Fi Settings displayed under Router Settings.
Step 2: Click on the Wi-Fi Protected Setup tab.
Step 3: Click the toggle so that it reads OFF.
Step 4: Click on the Apply button. You must click this button so that WPS and its related PIN are completely disabled—clicking on the toggle without applying the change isn’t enough.
Change the network name
The Service Set Identifier (SSID) is your wireless network’s name. All routers broadcast the manufacturer’s name by default, like Linksys_330324GHz or NETGEAR_Wi-Fi. Anyone within range can see this name, know who built your router, and search the internet for the default login credentials if they’re available.
However, the router prompts you to rename the wireless network during the setup process for that very reason. If you ignored the router’s request, now is a good time to return to the settings and change the network name. Use whatever you want, just don’t advertise anything that can help attackers infiltrate your home network.
If you have band steering turned on, you’ll only need to change one SSID. If band steering is turned off, you’ll have two or three connections to rename. We normally add a “-24” or “-5” suffix to distinguish between the different bands.
Finally, network names can be 32 characters long.
Want to keep hackers off your network?
We suggest one of the best routers for security.
How to protect your devices from hacks
There’s more to protecting your network against hackers than securing your router. You need safeguards in place to protect your devices and personal data, too, should an attacker take control of your router.
Computers and mobile devices
Lock your device with biometrics or a passcode
Use facial recognition and fingerprint scanning to lock your devices and accounts versus using passwords. Passcodes and patterns are better than passwords, too, but you run the risk of someone guessing them correctly by viewing the smudges on your screen.
Keep all software current
Device manufacturers like Apple and Lenovo release system updates to squash bugs in the code, optimize performance, and fill security holes. Software developers do the same, so be sure every platform, desktop software, and app you use is current.
Never install questionable software
If the desktop software or app—or even the website that hosts it—looks shady, then don’t install it. Always get your apps and software from verified sources versus back-alley repositories lurking in the dark corners of the internet.
Never connect to an unsecured public network
An unsecured public network means the Wi-Fi connection doesn’t use any security. The data you send and receive from an unsecure Wi-Fi access point isn’t protected from eavesdropping hackers eager to steal your info.
Use a VPN service
Many modern routers now support OpenVPN, a free VPN service you can use to hide your online activity. All you need is to enable the server on your router and install the client software on your devices. We also provide a list of the best VPN services if your router doesn’t include a VPN server.
Turn off Bluetooth
Bluetooth is another form of wireless communication. Device manufacturers like Apple say to keep it turned on “for the best experience” but the Federal Communications Commission suggests you turn it off when not in use, as hackers can access your device by spoofing other Bluetooth devices you use. If you must enable Bluetooth, use it in “hidden” mode.
Use Two-Factor Authentication
Always, always enable two-factor authentication on every account you use. It’s a pain, we know, but that added layer of security keeps hackers at bay should they somehow get your login credentials.
Never click or tap on strange links
Malware you unintentionally download to your computer or mobile device could lead the way to a hacked router. Here are several ways you can get unwanted malware:
- Click on a link in a phishing email or chat message
- Connect an infected flash drive
- Access a malicious website
- View infected ads
Computers only
Keep your antivirus current
Apple macOS doesn’t include built-in antivirus because hackers rarely ever target the platform. Microsoft Windows is a different story, however, and includes antivirus protection for free. Be sure to keep it and any third-party antivirus software you have installed on Mac or Windows up-to-date, so you stay protected against the latest threats.
Never disable your firewall
All computing devices have a firewall that monitors your network traffic flow but you can disable it on Mac and Windows. This is a bad idea, as you remove all restrictions and open the door for hackers to slip in and infiltrate your device. We provide instructions on how to re-enable your firewall on Windows and Mac if for some reason it’s disabled.
Author - Kevin Parrish
Kevin Parrish has more than a decade of experience working as a writer, editor, and product tester. He began writing about computer hardware and soon branched out to other devices and services such as networking equipment, phones and tablets, game consoles, and other internet-connected devices. His work has appeared in Tom’s Hardware, Tom's Guide, Maximum PC, Digital Trends, Android Authority, How-To Geek, Lifewire, and others. At HighSpeedInternet.com, he focuses on network equipment testing and review.
Editor - Cara Haynes
Cara Haynes has been editing and writing in the digital space for seven years, and she's edited all things internet for HighSpeedInternet.com for five years. She graduated with a BA in English and a minor in editing from Brigham Young University. When she's not editing, she makes tech accessible through her freelance writing for brands like Pluralsight. She believes no one should feel lost in internet land and that a good internet connection significantly extends your life span.