Router firmware, DNS, guest VLANs and the one setting everyone forgets. A practical checklist, no jargon.
1. Update router firmware
It's the single most-effective thing you can do. Old firmware = old known exploits. Log in to your router admin, find the Firmware section, install the latest stable build.
2. Change the default admin password
Default credentials are the first thing automated scanners try. Use a 20+ character passphrase. Store it in Senton Pass.
3. WPA3 (or WPA2-AES) only
Disable WPA, WEP, and WPS. Disable "guest network" passwords like "12345678".
4. DNS over HTTPS
Point your router DNS at a privacy-respecting resolver (1.1.1.1, 9.9.9.9, or Senton VPN's built-in resolver). This stops your ISP seeing every domain you visit.
5. Guest VLAN for IoT
Smart bulbs and cameras are notorious for being insecure. Put them on a separate "Guest" Wi-Fi so a compromised lightbulb can't reach your laptop.
6. The one everyone forgets
Disable UPnP. It opens incoming ports automatically and is regularly exploited.