How to Detect and Remove Intruders From Your WiFi Network
Slow speeds, unknown devices, blinking router lights — someone may be piggybacking on your WiFi. Here’s exactly how to find out who’s connected and kick them off for good.
If your internet feels slower than usual or you suspect someone is piggybacking on your WiFi, you’re not being paranoid. Unauthorized access to home networks is surprisingly common — and surprisingly easy to detect and stop. Here’s exactly how to find out who’s on your network and lock them out for good.
Signs That Someone Is on Your WiFi
Before diving into router settings, watch for these warning signs:
- Unexplained slowdowns: Buffering, lag on video calls, or sluggish downloads — especially when your own devices aren’t doing anything heavy — can signal an uninvited guest consuming your bandwidth.
- Unknown devices in your device list: Unfamiliar device names appearing in your router’s connected-devices panel is the clearest indicator of an intruder.
- Router activity lights blinking when all your devices are off: The WiFi activity LED should be calm when all your devices are disconnected. Continuous rapid blinking while “nothing” is active suggests an unknown device is transferring data.
- Unexplained data usage spikes: If your ISP reports more data consumed than your habits explain, someone else may be using your connection.
How to Check Who Is Connected to Your Router
Every router maintains a real-time list of connected devices. Here’s how to find it on the most popular brands:
Netgear
Navigate to routerlogin.net (or 192.168.1.1), log in with your admin credentials, then click Attached Devices in the left navigation panel. You’ll see every connected device listed by IP address, MAC address, and device name.
TP-Link
Go to 192.168.0.1 and log in. On the Basic tab, click Network Map then the Clients icon to see connected devices. For full MAC address details, go to Advanced → Network → DHCP Server → DHCP Client List.
ASUS
Access the admin panel at 192.168.1.1 or www.asusrouter.com. On the Network Map page, click the Clients icon to open a list of every connected device with its IP, MAC address, and connection type.
Linksys
Log in at 192.168.1.1 or via the Linksys Smart Wi-Fi cloud portal. Navigate to Network Map (or Device List on older firmware) to see all connected clients.
Use an App to Scan Your Network
Router admin panels can be clunky. These free tools make network scanning easier and more readable:
- Fing (iOS, Android, Windows, macOS) — the most popular consumer network scanner. Identifies every device with its brand, model, and OS. The free tier covers basic scanning; Fing Premium adds continuous monitoring and intrusion alerts.
- Wireless Network Watcher by NirSoft (Windows, free) — lightweight and no installation required. Runs in the background and alerts you when a new device joins. Exports results to CSV, HTML, or XML.
- Advanced IP Scanner (Windows, free) — displays IP addresses, MAC addresses, and device manufacturers. Also allows direct remote-desktop connections to Windows PCs on your network.
- Angry IP Scanner (Windows, macOS, Linux, free) — fast, cross-platform, and open-source. Ideal for a quick inventory of all active hosts on any operating system.
How to Remove an Intruder From Your WiFi
Method 1: Change Your WiFi Password (Most Effective)
Changing your password immediately disconnects every device on the network — including the intruder. Log into your router admin panel, navigate to Wireless Settings, and update the WPA2/WPA3 passphrase to something new and strong — at least 12–16 characters mixing uppercase, lowercase, numbers, and symbols. After saving, reconnect only your own trusted devices.
Method 2: Block by MAC Address
Every network device has a unique hardware identifier called a MAC address. In your router’s Wireless → MAC Filtering section (sometimes called “Access Control”), add the unknown device’s MAC address to the deny list. This removes that specific device without forcing a password change on all your other devices. Note: a technically savvy intruder can spoof their MAC address, so combine this method with a password change for full protection.
Method 3: Use the Router’s Block Button
Many modern routers from ASUS, Netgear, and TP-Link let you select a device from the connected-devices list and click a Block or Deny Access button directly. This is the fastest way to remove one specific device without changing any global settings. Check your router’s web interface or companion app for this option.
How to Prevent Future Intrusions
Switch to WPA3 (or WPA2-AES at Minimum)
WPA3 is the current WiFi security standard. It defeats brute-force password attacks using Simultaneous Authentication of Equals (SAE) and provides forward secrecy — meaning past sessions stay private even if the password is later compromised. If your router supports WPA3, enable it. If not, use WPA2 with AES; never TKIP, and never WEP, which is trivially crackable in minutes. See our guide on WPA2 vs WPA3 for details on enabling the right security mode.
Disable WPS
Wi-Fi Protected Setup (WPS) lets devices join using an 8-digit PIN — but that PIN is validated in two 4-digit halves, drastically reducing the brute-force search space. An attacker can crack it in hours regardless of how strong your main password is. Disable WPS immediately in your router’s wireless settings. This is one of the highest-priority security changes you can make.
Create a Guest Network for Visitors and IoT Devices
Most modern routers support a separate guest SSID that is isolated from your primary LAN. Put visitors, smart speakers, cameras, and other IoT devices on the guest network so they can’t reach your computers or NAS drives even if compromised. For step-by-step setup, see our guide on how to set up a guest WiFi network.
Keep Router Firmware Updated
Router manufacturers release firmware patches for known security vulnerabilities. Enable automatic firmware updates in your router’s settings or check monthly in the admin panel — outdated firmware is one of the most exploited attack vectors. Our router firmware update guide walks through the process for all major brands.
Change Default Admin Credentials
Default usernames and passwords like admin/admin or admin/password are publicly documented online. Change them immediately after setting up any new router to prevent an intruder from not just using your WiFi but taking full control of the router itself.
What to Do After Removing an Intruder
Once you’ve kicked out the unauthorized user, do a full audit: inventory every device currently on your network, run a WiFi speed test to confirm your speeds have recovered, and review your router logs if available (see our guide on how to check router logs). If you suspect the intruder accessed your router’s admin panel, perform a factory reset and configure fresh credentials from scratch.
Checking your network every few weeks — especially after having guests over — takes under two minutes with Fing or your router app and keeps your connection secure and performing at full speed.
Related Articles
Why Is My WiFi So Slow? 8 Common Causes and How to Fix Them
Struggling with slow WiFi? From router placement to channel congestion, here are the most common reasons your WiFi is underperforming and what you can do about it.
WiFi 6E Explained: Is It Worth Upgrading in 2026?
WiFi 6E opens up the 6GHz band for blazing fast speeds with less interference. Here's what it means for you and whether you should upgrade now.
How to Test Your WiFi Speed Accurately: A Complete Guide
Getting inconsistent speed test results? Learn how to test your WiFi speed the right way for accurate, reliable measurements every time.