Hackers love routers because if you can get into one, you have access to pretty much everything connected to it. Despite this, many of us simply ignore them - leaving us open to attack.

If you don't believe me, you can use a tool called Shodan to see for yourself. Shodan is a search engine much like Google, but instead of looking for information, it's designed to find devices connected to the internet. A pre-cooked search will bring up a list of devices with default passwords, i.e. the password that can be found with a simple Google Search.

In a real-world example of using default passwords, I changed the settings on the router in a holiday property because it turned out that the open WiFi hotspot was providing internet access to most of the surrounding village, which explained why the connection speed was so unbearably slow. Fixing the issue was simply a question of googling the default password, logging into the router and adding a WiFi password. The howls of protest from neighbouring houses were something to behold.

So don't ignore your router! Give it some TLC and when updates cease, unfortunately, it's time to replace it - even if it's still working perfectly well.

A note; this advice applies to routers that you buy yourself. Most of the devices supplied by internet service providers (ISPs) are designed to update themselves and the passwords tend to be unique. Do check though; we've provided links to the most common UK ISPs below.

Securing your router

1. Log in to your router; this is usually simply a case of using your web browser to navigate to an IP address (which often will be written on the device and, if not, will be in the manual or can be found online).
2. Check the default administrator password has been changed to something long, strong and unique. Ideally, use a password manager to create and store this.
3. Check for any firmware updates (usually to be found under Settings). 
4. Set a reminder to check for updates every month. Once the manufacturer stops issuing updates, it's time to throw the device away (which is obviously ridiculous because it will almost always be working perfectly well).
5. Turn off remote access (aka "Remote Administration" or "Administration from WAN/Internet")
6. Make sure the firewall is active.
7. Ports. Unless you're an advanced user, there shouldn't be any ports open or forwarded. If in doubt, seek advice.
8. Check your WiFi is secured with at least WPA2 security (the latest standard is WPA3). 
9. Check your WiFi password is long, strong, unique - and definitely not the same as the administrator password!
10. Review the devices that are connected to the router and check any you don't recognise. 
11. Universal Plug and Play (UPnP) is designed to make it easier for devices like smart TVs and games consoles to connect to the internet - but it has also been identified as a potential security risk. Ideally, it should be turned off.

UK ISPs
BT
TalkTalk
Sky
Virgin Media
Vodafone