Your internet is slow. A device you don’t recognise showed up in your router’s connected list. You’re wondering if someone has jumped on your WiFi without permission. The good news: checking takes less than five minutes, requires no technical knowledge, and your router’s admin panel shows you exactly who is connected right now. Here’s how to check, what you’re looking at, how to kick off any unauthorised devices, and how to lock down your network so it doesn’t happen again.
What You’ll Learn
How to see every device connected to your WiFi right now
How to identify unfamiliar devices and determine if they’re a threat
How to kick unauthorised devices off your network
Signs your router itself may have been compromised (more serious)
How to secure your WiFi so this can’t happen again
⏱️ 10 min read
Is Someone Hacking My WiFi – WiFi Security Check Complete Guide 2026
To check open ports and services visible from your network externally, use the Port Scanner Tool. If you’re also concerned about personal data breaches, check the Email Breach Checker — network intrusion and account compromise are different problems that often get confused.
How to See Who’s Connected Right Now
Every router has an admin panel that shows connected devices. Accessing it takes 60 seconds on any phone or computer. My step-by-step below works for the most common home routers — BT Hub, Sky Router, Virgin Media Hub, and most third-party routers.
HOW TO ACCESS YOUR ROUTER ADMIN PANEL
# Step 1: Find your router’s IP address
Windows: open Command Prompt → type: ipconfig → look for “Default Gateway”
Mac: System Settings → Network → your connection → Router IP
iPhone: Settings → WiFi → tap your network name → Router
Android: Settings → WiFi → tap network → Advanced → Gateway
Most common default: 192.168.1.1 or 192.168.0.1 or 10.0.0.1
# Step 2: Open router admin panel
Open any browser → type the router IP into the address bar
You’ll see a login page. Default credentials (if you haven’t changed them):
BT Hub: admin / password on a label on the router
Sky Router: admin / sky (often printed on the router)
Virgin Media: admin / changeme (or label on the router)
Netgear: admin / password
TP-Link: admin / admin
# Step 3: Find the connected devices list
Look for: “Connected Devices” / “DHCP List” / “Device List” / “Attached Devices”
Usually under: Home / Status / Basic / or a devices icon
You’ll see: device name, IP address, MAC address, connection type (WiFi/wired)
# Faster alternative: WiFi analyser app
Android: “WiFi Analyzer” (free on Play Store) → see all connected devices
iPhone: “Fing” (free) → network scan → shows all devices with names
securityelites.com
Router Admin Panel — Connected Devices Example
Device Name
IP Address
MAC Address
Type
iPhone-Sarah
192.168.1.5
A1:B2:C3:D4:E5:F6
WiFi
MacBook-Pro
192.168.1.6
11:22:33:44:55:66
WiFi
Samsung-TV
192.168.1.7
AA:BB:CC:DD:EE:FF
WiFi
android_a3f92
192.168.1.12
B4:C5:D6:E7:F8:09
WiFi ⚠️
⚠️ “android_a3f92” — generic name, not recognised. Investigate this device.
📸 Example connected devices list from a router admin panel. Three devices are clearly identifiable (iPhone, laptop, TV). The fourth — “android_a3f92” — has a generic auto-generated name. This could be a neighbour using your WiFi, a guest who connected months ago and never disconnected, or a device with a privacy MAC address (a normal security feature on modern phones). The next step is identifying it before taking action.
How to Identify Unfamiliar Devices
Seeing an unfamiliar device name doesn’t necessarily mean you’ve been compromised. Modern phones use randomised MAC addresses as a privacy feature — meaning your own devices might show up with generic names. My method for identifying every device on the list before assuming the worst.
DEVICE IDENTIFICATION CHECKLIST
# Count your own devices first
Phones (everyone in household) · Laptops · Tablets · Smart TVs
Smart speakers (Alexa, Google Home) · Streaming sticks (Chromecast, FireStick)
Games consoles · Smart doorbells/cameras · Smart home devices
Printers · NAS drives · Work laptops
Most households have 10–20 devices — it adds up fast
# Identify devices by MAC address manufacturer
First 6 characters of MAC address = manufacturer OUI code
Look up at: maclookup.app or macvendors.com
Example: A4:C3:F0 = Apple · F8:75:A4 = Samsung · DC:A6:32 = Raspberry Pi
# MAC address randomisation (common false alarm)
Modern iPhones, Android phones generate random MAC per network by default
Your own phone may show as “android_xxxxx” or random characters
Check: disable Private Address in phone WiFi settings → see if it gets a recognisable name
# Still can’t identify it? Try blocking it temporarily
Router admin → MAC filter → block the unknown device
Walk around your home — does anything stop working?
If nothing stops working in 5 minutes: likely someone else’s device
Signs Your Router Has Been Compromised
There are two different problems here and it’s worth separating them clearly. The first — someone using your WiFi without permission — is annoying but the fix is straightforward: change the password. The second — a router that has been compromised — where an attacker has changed DNS settings or gained admin access — is significantly more serious. These are different problems with different solutions. My checklist for the more serious scenario.
ROUTER COMPROMISE INDICATORS
# Sign 1: DNS settings changed
Router admin → WAN settings → DNS servers
Should be: your ISP’s DNS (e.g. 8.8.8.8 Google, 1.1.1.1 Cloudflare, or ISP default)
Red flag: unknown IP addresses you didn’t set → DNS hijacking (redirects your traffic)
# Sign 2: Router admin password changed
Default password no longer works → someone else has changed it
Action: factory reset the router (physical reset button)
# Sign 3: Unknown port forwarding rules
Router admin → Port Forwarding → check for rules you didn’t create
Attackers add port forwarding to expose internal devices to the internet
# Sign 4: Remote management enabled unexpectedly
Router admin → Remote Management / WAN access
Should be disabled for most home users — if it’s on and you didn’t enable it: red flag
# What to do if router is compromised
1. Factory reset: press and hold physical reset button 10+ seconds
2. Update firmware before reconnecting: router admin → firmware update
3. Change WiFi password and router admin password to something new and strong
4. Check ISP for replacement if router is very old (5+ years)
How to Remove Unauthorised Devices
REMOVING UNAUTHORISED DEVICES
# Method 1: Change your WiFi password (most effective)
Router admin → Wireless → WiFi Password → change to new strong password
This disconnects ALL devices — you’ll need to reconnect your own with the new password
Any unauthorised device that doesn’t know the new password stays off
# Method 2: MAC address blocking (more targeted)
Router admin → MAC Filter / Access Control → add unknown device MAC → Block
Blocks that specific device without disconnecting everything else
Limitation: device can spoof a different MAC address (technical users)
# Method 3: MAC allowlist (most secure)
Router admin → MAC Filter → switch to Whitelist / Allow mode
Add MAC addresses of all your legitimate devices
All other devices blocked regardless of whether they know the WiFi password
Effort: more setup, most secure — good for households with stable device lists
How to Secure Your WiFi Network
Once you’ve dealt with any current intruders, these are the settings I check on every home network. Most routers ship with weak defaults that take 10 minutes to fix and significantly improve security.
WIFI SECURITY HARDENING CHECKLIST
# 1. Change the router admin password
Default: admin/admin or admin/password → trivially guessable
Change to: unique 16+ character password, different from your WiFi password
# 2. Use WPA3 or WPA2 encryption (not WPA or WEP)
Router admin → Wireless → Security → WPA3 Personal (or WPA2 if WPA3 unavailable)
WEP and WPA are crackable in minutes — replace immediately if you see them
# 3. Use a strong WiFi password
Minimum: 12 characters, mix of letters/numbers/symbols
Avoid: your name, address, phone number, or anything guessable
Good example: randomly generated like “K7$mP2nX9vLq” from a password manager
# 4. Disable WPS (WiFi Protected Setup)
WPS has known vulnerabilities — disable it in router admin → Wireless settings
# 5. Keep router firmware updated
Router admin → Firmware/Software Update → check for updates
Many routers support auto-update — enable it
# 6. Guest network for visitors and smart devices
Create a separate guest network for: visitors, smart TVs, IoT devices
Keeps main network (with computers and phones) isolated from less trusted devices
Slow WiFi — Is It Really Someone on Your Network?
My honest answer to “is slow WiFi a sign someone is on my network” — almost never. Slow WiFi is one of the most Googled concerns about network security, and in my experience, unauthorised WiFi users are the least likely explanation. Here are the actual causes in order of likelihood.
SLOW WIFI — REAL CAUSES IN ORDER OF LIKELIHOOD
# Most likely causes (check these first)
1. Channel congestion: neighbours’ routers on the same WiFi channel → interference
Fix: router admin → Wireless → change channel to less congested one (1, 6, or 11)
2. Distance/walls: router too far away or signal blocked by thick walls/floors
Fix: move router to a central location or add a WiFi extender/mesh node
3. ISP speed issue: check your actual speed at fast.com vs your contracted speed
4. Background updates: Windows, game consoles, streaming boxes download updates at night
5. Old router: routers degrade over time — 5+ year old routers often need replacing
# Unauthorised users (unlikely for most households)
One or two people on your WiFi browsing and streaming won’t noticeably slow it down
You’d need someone downloading large torrents or running servers to notice the impact
Still worth checking the device list — but it probably isn’t the cause of slow speeds
WiFi Security — Quick Summary
Check connected devices: browser → 192.168.1.1 → login → Connected Devices list
Unknown device? MAC lookup reveals manufacturer · temporary block to identify it
More serious: DNS settings changed · admin password changed · unknown port forwarding
Remove intruder: change WiFi password (kicks everyone) or MAC block (targeted)
Harden: WPA3 · strong admin password · WPS off · firmware updated · guest network
Your WiFi — Secured
Five-minute check, 10-minute fix. Check your connected devices now, look for anything unfamiliar, and run through the hardening checklist if you haven’t already. For external exposure — what’s visible from outside your network — use the Port Scanner Tool on your public IP.
Quick Check
You log into your router admin panel and notice the DNS server addresses have been changed to IPs you don’t recognise and didn’t set. What does this mean and what should you do?
Frequently Asked Questions
How do I see who is connected to my WiFi?
Log into your router’s admin panel by typing its IP address (usually 192.168.1.1 or 192.168.0.1) into your browser. Log in with the admin credentials (often printed on a label on the router). Look for a section called “Connected Devices,” “DHCP List,” or “Device List.” This shows every device currently connected, including their name, IP address, and MAC address. For a faster option on mobile, the Fing app (iOS/Android) scans your network and shows all connected devices with manufacturer details.
Can someone use my WiFi without knowing my password?
It’s difficult but possible in some cases. WPS (WiFi Protected Setup) has known vulnerabilities that can be exploited without the WiFi password — disable WPS in your router settings. Old encryption standards (WEP, original WPA) can be cracked — upgrade to WPA2 or WPA3. If your router firmware is outdated and has known vulnerabilities, attackers could potentially gain access without credentials. For most home networks with WPA2/WPA3 and WPS disabled, someone using your WiFi almost certainly knows your password (shared it with a guest, written somewhere accessible, or it’s a weak password that was guessed).
Will changing my WiFi password kick everyone off?
Yes — changing the WiFi password disconnects all currently connected devices immediately. They will need to reconnect using the new password. This is the most effective way to remove any unauthorised device from your network, including ones you can’t identify. You’ll need to reconnect all your own devices (phones, laptops, smart TVs, streaming devices, smart speakers, printers) with the new password. Allow 15–20 minutes for this.
What is WPA3 and should I use it?
WPA3 is the latest WiFi security protocol, replacing WPA2. It provides stronger encryption and is more resistant to password guessing attacks. If your router supports WPA3 (most routers from 2019+ do), you should enable it in the wireless security settings. If you have older devices that don’t support WPA3, use WPA2/WPA3 mixed mode. Never use WEP or original WPA — both can be cracked in minutes with freely available tools.
My internet is slow — could someone be using my WiFi?
Slow internet is usually caused by network congestion, ISP issues, or your own devices running background updates rather than unauthorised users. Check your connected devices list and compare the count to what you’d expect. If you have significantly more devices than you own, that’s worth investigating. However, one or two neighbours on your WiFi typically wouldn’t cause noticeable slowdown unless they’re downloading large files. More likely causes of slow WiFi: router placement, band congestion (switch from 2.4GHz to 5GHz), peak usage times, or an ISP speed issue.
→ Related Tool
Port Scanner — Check External Exposure
→ Related
What Hackers Can Do With Your IP Address
Further Reading
- Port Scanner Tool — Check what ports and services are visible externally on your public IP. Complements the internal network check — this shows what attackers on the internet can see about your network from outside.
- What Hackers Can Do With Your IP Address — The external threat picture. Your router’s public IP is visible to anyone — understand what that exposes and what it doesn’t.
- How to Set Up a Secure Home Lab — If you want to understand home network security more deeply, a home lab teaches you how networks actually work from the ground up.
- NCSC — Home Router Security Guidance — The UK National Cyber Security Centre’s official guidance on securing home routers. Covers firmware updates, password changes, and configuration best practices aligned with government security standards.
ME
Mr Elite
Owner, SecurityElites.com
The most common WiFi security issue I find in home assessments isn’t a sophisticated attack — it’s default credentials. The router still has admin/admin or the password printed on the label that was never changed, WPS is still enabled, and the firmware hasn’t been updated since the ISP installed it three years ago. None of these take more than 10 minutes to fix. My recommendation for anyone reading this: open your router admin panel today, change the admin password to something unique, disable WPS, check for a firmware update, and set a guest network for your smart TV and other IoT devices. That’s the entire security posture improvement for 95% of home networks.
