Priority #2 - Disable Wi-Fi Protected Setup (WPS)
The rationale behind the creation of WPS was to help non-technical folks quickly add devices onto their network without complex configuration. Whilst WPS does achieve this goal, WPS is horribly insecure. A router with WPS enabled is highly vulnerable. A successful attack on your router’s WPS function will reveal your network password in a matter of hours – regardless of how strong that password it. Again, there is no point putting a strong password on a weak network. Our next task is to disable WPS.
The WPS option will be somewhere amongst the WIRELESS configuration options. All routers are different, so you’ll have to do some clicking. It might be considered an ADVANCED option on your router. It might also be labeled ‘Wi-Fi Protected Setup’ rather than WPS. Our goal here is to switch it off and otherwise disable it.
WPS comes in two flavours. There’s a PIN version and a Button version. The button version is much safer because it requires someone to press the WPS button on the router in order for WPS to be active. And it automatically switches off a few minutes later. The PIN version is always on, and so horribly risky. Your router may allow you to disable WPS altogether, or just disable the PIN version.
As a minimum, we need to disable the WPS PIN. The example above is taken from a TP-Link router, and shows that the WPS PIN method can be disabled, leaving the button method live. This is fine, as the button needs to be physically pressed in order for WPS to be temporarily switched on.