Advanced Router Settings to Optimise Speed and Security

Most routers ship tuned for “works out of the box,” not “works best for you.” Spend twenty minutes in the admin panel and you can meaningfully improve both speed and security. Here are the settings worth changing — and the ones to leave alone.

Start here: log in and back up

Open your router's admin panel (usually 192.168.1.1 or 192.168.0.1 — find your gateway with ipconfig/ip route). Before changing anything, export the current configuration so you can roll back. Then change the default admin password if you somehow still haven't — it's the number-one router vulnerability.

Security settings that matter most

Use WPA3 (or WPA2-AES)

Set Wi-Fi encryption to WPA3 if your devices support it, or WPA2 with AES otherwise. Never use WEP or WPA-TKIP — both are trivially broken. If you have a mix of old and new devices, “WPA2/WPA3 mixed mode” keeps everything working while giving new devices the stronger protocol.

Update the firmware

Router firmware patches real, exploited vulnerabilities. Enable automatic updates if available, or check quarterly. An unpatched router is the easiest way into your whole network.

Disable WPS, UPnP and remote admin

• WPS (the push-button pairing) has known brute-force weaknesses — turn it off.
• UPnP lets devices open firewall ports automatically; convenient but a common attack vector. Disable it unless a specific app needs it.
• Remote management exposes the admin panel to the internet. Keep it off unless you absolutely need it, and never on the default port.

Set up a guest network

Put visitors and especially smart-home/IoT gadgets on a separate guest network isolated from your main one. If a cheap smart plug is compromised, it can't reach your laptop or NAS.

Speed and reliability settings

Pick the right channels

On 2.4 GHz, only channels 1, 6 and 11 don't overlap — pick whichever is least congested around you. On 5 GHz there's far more room and less interference; prefer it for nearby, high-bandwidth devices. Many routers have an “auto” mode, but manually choosing a clear channel often beats it in crowded apartment blocks.

Use the right band — and band steering

5 GHz is faster but shorter-range; 2.4 GHz reaches further and through walls. Band steering (often called “smart connect”) lets the router put each device on the best band automatically. It usually helps, but if specific devices misbehave, splitting the bands into separate network names can be more predictable.

Set channel width sensibly

Wider channels (80/160 MHz on 5 GHz) mean more speed but more susceptibility to interference. In a noisy environment, 40 MHz can actually be faster and more stable than 80. On 2.4 GHz, stick to 20 MHz to avoid clobbering your neighbours and yourself.

Enable QoS for what you care about

Quality of Service prioritises traffic so a big download doesn't ruin a video call. Modern routers offer “smart” QoS (often based on the fq_codel algorithm) that dramatically reduces bufferbloat — the lag spikes that make a fast connection feel slow under load. If your router supports it, turn it on and set your real line speed.

DNS and privacy on the router

Change the router's DNS servers to a fast, privacy-respecting resolver such as Cloudflare (1.1.1.1) or Quad9 (9.9.9.9) to speed up lookups and bypass ISP DNS. Some routers support encrypted DNS (DoH/DoT) for the whole network — worth enabling. Pair this with the advice in our DNS leak guide.

Placement beats settings

No setting compensates for a router in a cupboard on the floor. Put it central, elevated and in the open, away from microwaves, cordless phones and thick walls. For larger homes, a mesh system or a wired access point beats fighting the laws of physics with antenna tweaks.

Verify your changes

After tuning, confirm the result objectively: run the speed test from a few rooms, check latency and jitter under load, and make sure every device reconnected. Re-test after each change so you know what actually helped.

Prioritise in this order: security first (WPA3, firmware, disable WPS/UPnP/remote admin), then reliability (channels, QoS), then raw speed. A fast network you don't control isn't a bargain.