SkipToMainContent

Privacy

How to tell if someone hacked your router: 10 warning signs

A gentleman with a gray beard sits in front of a desktop computer, indicating he is likely browsing online and should know the answer to the question of how to tell if someone hacked your router.

May 26, 2022

Everyone experiences internet troubles from time to time. Your router might need updating or you could have too many devices on one network. But in this digital age, you need to know if you’re experiencing a larger issue — and if so, how to tell if someone hacked your router.

Router-hacking cybercriminals are swift and precise, spending countless hours spotting network vulnerabilities and ultimately compromising sensitive data.  

Lucky for you, you can also spot these hacking attempts by understanding the signs of router hacking.

We’ve rounded up some examples in this router protection guide, and also an overview of how to fix a hacked router along with tips to help improve your router security.

10 signs of a hacked router

Two illustrations overview warnings signs for how to know if someone hacked your router.


If you deal with these computer and network issues daily, there’s a good chance a hacker found a way to compromise your Wi-Fi router. 

1. Router login failure 

Having trouble logging into your router’s admin settings is an immediate sign of having your router hacked. Since passwords can’t change themselves, a hacker likely used some kind of password attack to break into your router’s settings. Cybercriminals use this access to create security flaws to further exploit your data.  

Router protection tip: Use complex passwords for router admin profiles to prevent your passwords from being  hacked.

2. Slow internet speed 

Experiencing slower internet speeds is normal. There are a variety of factors that can affect an internet connection, such as router placement, weather conditions, and outdated firmware. However, experiencing slower speeds could also indicate that you’ve had your Wi-Fi hacked. 

Router protection tip: Create a unique Service Set Identifier (SSID) — or name of your Wi-Fi network — to prevent your network from being identified.

3. Browser redirects 

Browser redirects occur when your browser takes you to a completely different website than you intended to enter. Hackers who can get ahold of your router’s admin account can change domain and IP address settings to have all your traffic directed to where they’d like. This is usually a website hosting malware or other viruses that can further corrupt personal computers and networks.

Router protection tip: Regularly schedule router password changes and router reboots to patch security flaws that  cybercriminals can exploit.  

4. Suspicious network activity 

You should habitually review your Wi-Fi activity logs to check for unfamiliar IP addresses that are using your internet. This could be an indication someone has unauthorized access to your network and could be silently siphoning any information they can find without triggering any alerts.  

Router protection tip: Turn off Wi-Fi Protected Setup(WPS), which allows devices to connect to your Wi-Fi network without the use of a password, to avoid unauthorized access to your network.

5. Unfamiliar software downloads

Your device shouldn’t have any software that you don’t recognize or remember downloading. If it does, consider it a potential risk to your cybersecurity and delete it. Hackers often use drive-by downloads to install malicious software onto computers without the user’s knowledge or consent.   

Router protection tip: Download antivirus software to flag and prevent malware from being downloaded onto your device. 

6. Session hijacking 

Session hijacking grants a hacker complete control over a device. They can move freely through systems, applications, and files as if they were sitting right in front of the computer.  

Router protection tip: Regularly unplug and disconnect your router to give it a hard reset. Bump all users off of it to purge your router. 

7. Ransomware messages 

Some may find they have a hacked router by receiving ransomware messages in their email. Ransomware is a type of cyberattack capable of encrypting digital files, systems, and other assets until you pay a demanded ransom. If you don’t, they’ll threaten to destroy, sell, or expose your stolen items.

Router protection tip: Never respond to or pay ransom demands.

8. Fake antivirus notifications

Fake antivirus notifications, also known as scareware, alert you of a virus installed onto your device and pressure you to download an antivirus solution to destroy it. Though sometimes convincing, these are false advertisements. Hackers lace these downloads with malicious software capable of compromising your router and internet connection. 

Router protection tip: Only use antivirus software from well-known and trusted companies.

9. Increase in pop-up advertisements

You can treat unsolicited pop-up ads similar to how you’d treat scareware. If you notice an increase in these unsolicited messages, it’s a telling sign of having your router and internet hacked. These ads also often have adware hidden inside to launch once they are installed onto your device. 

Router protection tip: Never click or download anything from suspicious pop-ups. 

10. Alerts from your internet provider 

Finally, your internet provider might even alert you of increased or unusual activity on your network. And you should take those alerts seriously if you can verify they’re from your internet provider. To do this, call your internet provider directly and verify that they contacted you with this alert.

Router protection tip: Change your admin login credentials and reboot your router.

Common causes of a compromised router 

Now that you know how to tell if someone hacked your router, you might also be wondering how people typically end up with a compromised router in the first place.

There are a few common causes.

Network vulnerabilities

Network vulnerabilities are a hacker’s best friend when it comes to breaking into home routers. A study surveying 127 homes found that each household’s router had at least over 100 vulnerabilities, compromising the Cyber Safety of all connected devices using that internet connection. These security gaps allow cybercriminals to install different types of malware that help hackers get ahold of your personal information

Remote management 

Remote management allows people to connect to their router from remote locations. Though convenient for people traveling or working remotely, having this level of open access could potentially put your network at risk for session hijacking or browser hijacking.

Hackers who get a hold of and use this connection could take complete control over your computer. They’ll then transfer your data to themselves for future use or sell it on the dark web to the highest bidder.  

How to fix a hacked router?

A list overviews five steps to fix a hacked router, supporting an answer to the question of how to know if someone hacked your router.


If you experience these issues and you’re sure there’s a hacker at large, follow these
steps to help fix your hacked  router.

Step 1: Disconnect the router from the internet

Disconnecting your router from the internet can stop the progress of cyberattacks from existing on your network.

  • If you have a standalone router with cables, simply unplug your Ethernet cord  from your router to immediately stop communication with your modem.
  • If you have a wireless router, you can just switch off your internet connection.

Both actions can stop cyberthieves in their tracks.

Step 2: Reset the router

Resetting your router is often a quick fix for potentially hacked routers. In most cases,  you can do a simple power cycle to clear your router’s memory and any malicious  programs, then reset your IP address. All you need to do is unplug the router, wait 30 seconds, and plug it back in.

If this doesn’t work, resetting your router to its factory settings is the next best option.  You can do this by locating the router’s power button — either mounted on the  surface or nestled in the back —  and holding it for at least 10-20 seconds or until a  light flashes indicating a reboot.

Step 3: Change your account’s password

After resetting your router, the next step should be changing the login credentials to  your router’s admin account. You don’t want hackers to be able to freely manipulate  your internet’s security settings. A great option is to use a password manager to  generate a secure, trustworthy password you can save in a safe location.

Step 4: Update the router’s firmware

A standard router security best practice is to update your router’s settings to  automatically install firmware updates whenever they become available. This ensures  your router can protect your network from new cyberthreats as they arise. If your router doesn’t have this feature, set yourself a personal reminder to update it every month.

Step 5: Contact the authorities (if necessary)

If you experience a hacked router paired with other crimes, such as identity theft and  banking fraud, you should contact the authorities immediately. There is a high chance  a cybercriminal used the information stolen from breaking into your router to 
carry out these crimes.

Router hacking protection tips 

10 icons support tips for how to avoid getting a router hacked, all in the name of answering the question of how to tell if someone hacked your router.


To help guarantee the Cyber Safety of your router and internet connection, consider the following router hacking protection tips.

Set up automatic firmware updates 

Many routers come with the ability to automatically install firmware updates when they become available. This can help ease the fear of having your internet and router hacked by a cybercriminal with too much time on their hands.

Disable remote access 

As mentioned, remote management allows you to access your router from anywhere with a working computer. Though convenient for you, hackers can easily misuse this feature to break into your private network and information. This is why we suggest disabling remote access altogether.

Schedule routine reboots 

Similar to setting up automatic updates, scheduling a routine reboot every month or so is great for your router’s system. It helps renew its connections and wipe away any potentially malicious coding present. It also renews the public IP address associated with your router, often used by hackers to track your device’s network and internet activity.

Use complex passwords

Your router’s admin credentials are what keep hackers from being able to do what they want on your network. Keep your account safe by creating a strong, complex password. You should stay away from common phrases or guessable number combinations like “qwerty” and “12345”. Use a mix of numbers, letters, and symbols. And most importantly, never share your password with anyone.

Create a unique SSID 

An SSID is what you see when you connect a new device to your internet. These come as default for most routers, but you should change them once you set them up in your home. Hackers can use a default SSID to identify service providers. They then look on the dark web for stolen credentials and use credential stuffing and password spraying attacks to compromise your router and network.

Take advantage of guest networks

Guest networks work well for those who have frequent visitors or have a lot of IoT devices hanging around the house. They work by creating a separate internet connection apart from the one your own devices are using. That way, if a guest’s device already has a virus on it, it won’t compromise your router and spread throughout your entire network.

Turn off WPS 

Wi-Fi Protected Setup (WPS) allows you to connect devices to your internet without requiring a password. Instead, you’d use an eight-digit PIN located on your router. This is not seen as secure, as most hackers can decode this supposed security PIN within hours. Turn WPS off and use a secure SSID and password to access your internet.

Install a VPN 

A router is identifiable because of the public IP address associated with it. These are unique to each unit, so hackers know it's you once they’ve discovered your identity. To help mask these and become anonymous, you can download a VPN. These use encryption to hide your IP address as well as your online activity connected to it.

Avoid suspicious links and attachments 

Phishing emails with malware embedded inside is a popular trick hackers use to compromise routers and  personal devices. If you come across an email you don’t recognize asking for money, login credentials, or any other strange request, delete it immediately.

Download antivirus software 

This leads to our last router hacking protection tip, which is to download trusted antivirus software. Instead of analyzing every email for potentially harmful links or files, your antivirus software can help take care of it for you. Along with sending you alerts when threats arise, it also works to clean your system of the intruder.

So, if you’ve learned only one thing after reading this, it should be that you don't have to fear the day you potentially wake up to a compromised router. Learning how to tell if someone hacked your router is easier than you might  think — it’s about looking for anything out of the norm. Consider this guide as another tool you can use to safeguard your online privacy.

Hacked Wi-Fi router FAQs 

Still have questions about how to tell if someone hacked your router? We have answers.

How can I check if someone is using my router? 

A simple way to see if you have a compromised router is to unplug it for 30 seconds. Then, look for a green light to display after it restarts.

Can someone access my Wi-Fi remotely? 

Yes, hackers can access your router and Wi-Fi remotely, especially if you have either of the following:

  • Remote management is enabled in your router’s settings.
  • A weak router password that can be easily guessed.

How do I secure my Wi-Fi router? 

You can help protect your Wi-Fi router by:       

Setting up automatic firmware updates

  • Disabling remote access
  • Scheduling routine reboots
  • Using complex passwords
  • Creating a unique SSID
  • Taking advantage of guest networks
  • Turning off WPS
  • Installing a VPN
  • Avoiding suspicious links and attachments
  • Downloading antivirus software

What can a hacker do with your Wi-Fi password? 

If a hacker decodes your Wi-Fi password, they could potentially use your internet to steal private data from you and commit other online crimes.

How do I disable remote access to my router? 

Log in to your router’s admin account and look for a “Remote Administration,” “Remote Access,” or “Remote Management” tab. Once you’ve clicked on it, make sure it’s disabled.

Does a router provide security? 

Routers come with a standard amount of security, featuring a default firewall that helps block any malicious requests from the internet. 


Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2022 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.