To test if your WiFi is secure, check your encryption type (WPA3 or WPA2-AES), scan for unknown connected devices using a network scanner like Fing, verify your router firmware is current, and run an external port scan with ShieldsUP. Fix any vulnerabilities you find by following the steps below.
Why You Need to Test Your WiFi Security
Your home WiFi connects every device you own to the internet and to each other. A single weakness in your router configuration gives attackers access to your personal files, banking credentials, smart home controls, and every password stored on connected devices. The 2025 SonicWall Cyber Threat Report found that attacks on home routers increased 154% year-over-year, with most exploiting default settings that homeowners never changed. Testing your network takes 15 minutes and tells you exactly where your vulnerabilities are.
How to Check If Your WiFi Encryption Is Strong Enough
Open your device’s WiFi settings and tap the information icon next to your connected network. Look for the security type. You want to see WPA3-Personal or WPA2-AES. If you see WEP, WPA-TKIP, or “Open,” your traffic can be intercepted by anyone within range. WEP encryption breaks in under 60 seconds with free tools, and WPA-TKIP was cracked via the KRACK attack in 2017.
To upgrade, log into your router admin panel at 192.168.0.1 or 192.168.1.1. Navigate to Wireless Security settings and select WPA3-Personal. If your router does not support WPA3, select WPA2-AES as the minimum. Set a passphrase of at least 20 characters mixing uppercase, lowercase, numbers, and symbols. For a complete walkthrough of every router setting you should change, follow our guide to securing home WiFi.
How to Check If Someone Is Using Your WiFi
Unknown devices on your network are the clearest sign of a breach. Download the Fing app (free for iOS and Android) or run Nmap from a computer. Both tools list every device connected to your router along with its manufacturer, IP address, and MAC address. Compare this list against devices you actually own.
What to Do If You Find Unknown Devices
Log into your router and navigate to the connected devices list. Block the unknown MAC address immediately. Then change your WiFi password to lock the intruder out permanently. If you see multiple unknown devices or they reappear after blocking, someone may have your admin credentials. Perform a full factory reset and reconfigure your router from scratch. Our detection and blocking guide walks you through each step in detail.
How to Test Your Router for External Vulnerabilities
Visit Gibson Research Corporation’s ShieldsUP tool at grc.com/shieldsup and run the “All Service Ports” scan. Every port on your router should report as “Stealth,” meaning it does not respond to external probes at all. Any port showing “Open” or “Closed” is visible to attackers scanning your IP address.
If you find open ports, log into your router and disable remote management under the Administration section. Turn off UPnP (Universal Plug and Play), which automatically opens ports without your knowledge. Disable any port forwarding rules you did not create yourself. Finally, verify your router’s SPI firewall is enabled.
Check Your DNS Settings for Tampering
Attackers who access your router often change DNS settings to redirect your browsing through malicious servers. Check your router’s DNS configuration under WAN or Internet settings. If the DNS addresses are unfamiliar or differ from what you set, your router may be compromised.
Switch to a secure DNS provider: Cloudflare (1.1.1.1), Quad9 (9.9.9.9), or a dedicated security-focused DNS service that blocks known malicious domains automatically. These providers encrypt your queries using DNS-over-HTTPS, preventing your ISP or attackers from monitoring which sites you visit.
Five-Minute WiFi Security Checklist
- Encryption shows WPA3 or WPA2-AES (never WEP or TKIP)
- No unknown devices appear on your network scan
- Router firmware matches the latest version on the manufacturer’s site
- ShieldsUP reports all ports as Stealth
- Remote management and WPS are both disabled
- DNS settings point to a provider you chose, not an unknown address
- Router admin password is unique and at least 16 characters
Run this checklist quarterly and after every firmware update. Network security requires ongoing verification, not a single setup session. For a broader assessment of your digital security posture, combine this WiFi test with a full router hardening checklist.
Frequently Asked Questions
How do you know if your WiFi has been hacked?
The most reliable indicator is unknown devices appearing on your network scan. Other signs include slower internet speeds without explanation, your DNS settings changing without your input, browser redirects to unfamiliar sites, and your router admin password no longer working. Run a Fing scan and check your router’s connected devices list to confirm.
Can someone see what you browse on your WiFi?
If your WiFi uses WEP or has no encryption, anyone within range can capture and read your traffic. Even with WPA2, someone who knows your WiFi password can potentially intercept data using tools like Wireshark. WPA3 prevents this through individual data encryption for each device. Always use HTTPS websites and consider a VPN for an additional layer of privacy on shared networks.
Is it safe to use WiFi without a password?
No. An open WiFi network transmits all data in plain text. Anyone within range can capture your login credentials, emails, and browsing history without any special tools. Always enable WPA3 or WPA2-AES encryption with a strong passphrase. There is no legitimate reason to run a home network without password protection.