PanicStation.org
UK USA
uk Technology & digital loss router remote admin enabled • remote administration turned on • router settings changed • router hacked maybe • wifi router compromised • unknown router login • someone accessed my router • remote management enabled • router security breach • home network tampering • router port opened • isp router settings changed • suspicious router activity • admin interface exposed • dns settings changed • port forwarding added • upnp enabled unexpectedly • wps turned on • router firmware outdated • internet connection hijacked

What to do if…
your router settings show remote administration was turned on and you did not enable it

Short answer

Disconnect the router from the internet, then log in locally and turn remote administration off. After that, change the router’s admin password and update firmware (or factory reset if you can’t trust the settings).

Do not do these things

  • Don’t leave the router online “to watch what happens” — that can allow continued access.
  • Don’t use the same password you use anywhere else for the router admin login.
  • Don’t rely on Wi-Fi password changes alone (router admin access is separate).
  • Don’t randomly toggle lots of settings while panicking — you can lock yourself out or miss what mattered.
  • Don’t follow “fix” links or calls/emails claiming to be your ISP unless you independently verify them.

What to do now

  1. Get to a safer pause and cut internet access to the router.
    Unplug the router’s WAN/Internet cable (or switch the modem off), or power the router off. Leave your computer/phone on so you can work calmly.

  2. Record what you’re seeing before you change it.
    Take clear photos/screenshots of: the remote administration setting, admin users, port forwarding/firewall rules, DNS settings, device list, logs/“system events”, and firmware version.

  3. Log in to the router locally (not from outside).
    Connect by Ethernet if you can. If you must use Wi-Fi, connect only to your own network.

  4. Turn off remote administration (and similar “from the internet” access).
    Disable anything like: Remote Management / Remote Admin / Web Access from WAN / Admin from Internet / Cloud or app-based remote management (if you don’t need it).
    If you’re unsure whether a setting is ISP-managed, don’t force it — leave the router offline and use your ISP’s verified support channels to confirm what’s safe to change.

  5. Change the router admin credentials immediately.

    • Set a strong, unique admin password (and change the admin username if your router allows).
    • If your router supports it, enable 2-step verification for admin access.
    • Log out all sessions if there’s an option.

  6. Check for the common “silent takeover” changes and undo them.

    • DNS: set DNS back to “automatic” or to a trusted provider you chose.
    • Port forwarding / firewall rules: remove anything you didn’t create.
    • UPnP: turn off if you don’t specifically need it.
    • WPS: turn off.
    • Admin users: remove unknown accounts; disable guest/admin sharing features.

  7. Update firmware, then reboot.
    Do this only from the router’s built-in update feature or your ISP/manufacturer’s official app/support process (not from pop-ups, emails, or random websites). After updating, reboot and re-check that remote admin is still off.

  8. If you cannot confidently regain control: factory reset and rebuild.
    If settings keep reverting, you can’t change the admin password, there are unknown admin accounts you can’t remove, or the router is very old/out of support:

    • Do a full factory reset.
    • Reconfigure from scratch (don’t import a saved config file you don’t fully trust).
    • If it’s ISP-supplied, contact your ISP and ask for help securing it or replacing it.

  9. Change your Wi-Fi details after the router is secured.
    Set a new Wi-Fi password (WPA2/WPA3), and consider changing the Wi-Fi network name. Reconnect devices one by one.

  10. If you suspect wider compromise, secure your key accounts.
    If you notice banking/email/social logins, password manager alerts, or unknown devices: change your email password first, enable 2-step verification, and sign out of other sessions.

  11. If you believe this was cyber crime or fraud, report it (optional).

  • If you’re in England/Wales/Northern Ireland, report cyber crime/fraud via Report Fraud (online reporting).
  • If you’re in Scotland, report via Police Scotland (101 for non-emergency).
    If a crime is happening right now or there’s immediate danger, use emergency services.

What can wait

  • You don’t need to decide “who did it” right now.
  • You don’t need to replace every device immediately (secure the router first).
  • You don’t need to rebuild your whole home network today unless control can’t be regained.
  • You don’t need to contact everyone in the household until you’ve stabilised access and set new Wi-Fi details.

Important reassurance

Seeing remote administration enabled unexpectedly is unsettling, but you can reduce risk quickly by taking the router offline, turning remote access off, and resetting credentials. Even if it turns out to be a mis-click, auto-update, or ISP change, these steps are still sensible and low-regret.

Scope note

This covers first steps to stabilise and prevent further access. If you keep seeing settings change, or you suspect targeted harassment or financial fraud, you may need specialist help from your ISP or a reputable security professional.

Important note

This is general information, not professional security or legal advice. Router menus and ISP equipment vary; if you’re unsure about a setting, prioritise taking the router offline and getting verified support through your ISP’s official channels.

Additional Resources
Support us