1. Unknown devices appear on your network
One of the clearest signs of a problem is a device connected to your router that you do not recognize. Most routers provide a connected-device list. It may show names like iPhone, Android, laptop, printer, TV, or manufacturer names.
Be careful before panicking: unknown does not always mean malicious. Some devices use private addresses, and many smart devices have confusing names. But if a device keeps reappearing after you remove it, or if it appears at strange times, take it seriously.
The safest response is to change the WiFi password, use WPA2 or WPA3, and reconnect only devices you trust.
2. Your internet becomes unusually slow
Slow internet can have many causes: ISP problems, weak signal, old equipment, too many devices, or background downloads. But it can also happen if someone is using your WiFi without permission.
Look for patterns. If the slowdown happens at the same time every day, or your router shows heavy traffic while your own devices are idle, review connected devices and change your WiFi password.
Also check whether your router firmware is up to date. Compromised or unstable routers can behave unpredictably.
3. Browser redirects or strange DNS behavior
If your browser sends you to strange websites, shows unusual warnings, or redirects common domains to suspicious pages, your DNS settings may have been changed. DNS is the system that translates website names into IP addresses.
An attacker with router admin access can sometimes change DNS servers so that your traffic is routed through malicious infrastructure. This can expose you to phishing pages and fake login screens.
Log into your router, check DNS settings, and reset them to automatic or to a trusted provider. Then change the router admin password and update firmware.
4. Router settings changed without your action
If the WiFi name changed, the password changed, remote admin was enabled, or port forwarding rules appeared without your knowledge, treat it as a serious sign of compromise.
Document the suspicious settings if needed, then reset the router to factory defaults. After the reset, configure it again with a strong admin password, a strong WiFi password, WPA2/WPA3, and updated firmware.
Do not reuse the old passwords. If the attacker knew them once, they may try them again.
5. Devices show security warnings
Modern phones and laptops sometimes warn when a network uses weak security, weak privacy, or suspicious certificates. Do not ignore these warnings, especially if they appear suddenly on a network that previously worked normally.
Check whether the WiFi network is still yours and not an evil twin network with a similar name. Attackers can create a fake hotspot using a familiar SSID to trick people into connecting.
Forget suspicious networks on your devices and reconnect only after verifying the router settings.
What to do immediately
First, change your WiFi password. Second, change your router admin password. Third, review connected devices. Fourth, update firmware. Fifth, disable WPS and remote administration unless you truly need them.
If you suspect the router itself is compromised, perform a factory reset and configure it from scratch. After that, change passwords for sensitive online accounts from a trusted device and enable two-factor authentication where possible.
For small businesses, consider separating guest devices, staff devices, and business-critical systems into different networks or VLANs. A single flat network is easier to manage but riskier when something goes wrong.