Disable Wi-Fi Protected Setup (WPS)

The rationale behind the creation of WPS was to help non-technical folks quickly add devices onto their network without complex configuration. Whilst WPS does achieve this goal, WPS is horribly insecure. A router with WPS enabled is highly vulnerable. A successful attack on your router’s WPS function will reveal your network password in a matter of hours – regardless of how strong that password it. Again, there is no point putting a strong password on a weak network. Our next task is to disable WPS.

How to disable WPS on your wi-fi router?

The WPS option will be somewhere amongst the WIRELESS configuration options. All routers are different, so you’ll have to do some clicking. It might be considered an ADVANCED option on your router. It might also be labeled ‘Wi-Fi Protected Setup’ rather than WPS. Our goal here is to switch it off and otherwise disable it.

WPS comes in two flavours. There’s a PIN version and a Button version. The button version is much safer because it requires someone to press the WPS button on the router in order for WPS to be active. And it automatically switches off a few minutes later. The PIN version is always on, and so horribly risky. Your router may allow you to disable WPS altogether, or just disable the PIN version.

Disable the PIN version of WPS as it has horrible vulnerabilities

As a minimum, we need to disable the WPS PIN. The example above is taken from a TP-Link router, and shows that the WPS PIN method can be disabled, leaving the button method live. This is fine, as the button needs to be physically pressed in order for WPS to be temporarily switched on.

What will happen after you disable WPS on your wi-fi router?

WPS is a great example of the trade-off between convenience and security. WPS was designed with convenience in mind, which means that it also compromises your security. WPS works by allow us to join a wi-fi network without needing to know the network password. You simply push the WPS button on the router, join the network and you’re in. Unfortunately, WPS is horribly insecure and can be used as a means for attackers to gain access to your network. This is why we disable WPS. Once disabled, you’ll need to use the conventional password method to add additional devices to your wi-fi network (less convenient) but your router will no longer be vulnerable to a WPS attack (more secure).

Next up - Disable Universal Plug and Play