PONG// pong.com v3.0OPERATIONAL
pong@pong-com blog/someone-stealing-your-wifi$
SecurityJune 8, 2026· 10 min read
ByJonah Larson· Contributing Technology Writer

Is Someone Stealing Your WiFi? How to Check and Lock Them Out

If your internet suddenly feels slow despite having a fast plan, someone might be using your WiFi without permission. Here is how to check every device on your network, spot unauthorized connections, and secure your WiFi with WPA3, strong passwords, and router hardening so freeloaders cannot get back on.

Your internet plan says 500 Mbps. Your speed test says 47 Mbps. You have restarted your router three times. Nothing helps. Before you call your ISP, consider the possibility that your slow speeds are not a provider problem — they are a neighbor problem.

WiFi theft is more common than most people realize. If your network password is weak, unchanged from the default, or was shared with someone who no longer needs access, you could have unauthorized devices quietly consuming your bandwidth right now. Every device on your network competes for the same airtime and throughput. Even one unauthorized user streaming video can crater your speeds during peak hours.

Here is how to find out exactly who is on your network, remove anyone who should not be there, and lock your WiFi down so it does not happen again.

// SPEED TEST

Measure your real-world speed, ping, jitter, and bufferbloat. Free, no signup required.

> Run Free Speed Test

Signs Someone Might Be Stealing Your WiFi

None of these symptoms guarantee someone is freeloading on your network — they could all have other explanations. But if you are experiencing several at once, it is worth investigating.

  • Sudden speed drops — Your connection was fine last week and now it is consistently slower, especially in the evenings when more people are home.
  • Unexplained data usage — Your ISP sends a data cap warning earlier than usual and nobody in your household changed their habits.
  • Router activity lights blinking when nobody is online — If it is 3 AM, all your devices are off, and the WiFi LED on your router is rapidly blinking, something is actively transmitting data.
  • Unknown devices in your router admin panel — You see device names you do not recognize in the connected devices list.
  • Buffering and lag that appeared out of nowhere — Video calls stutter, streams buffer, and gaming ping spikes even though your connection tested fast before.

How to Check Who Is on Your WiFi Right Now

Every router keeps a list of devices currently connected to your network. Checking this list is the fastest way to spot unauthorized users.

Method 1: Check Your Router Admin Panel

  1. Open a browser and go to your router's IP address — usually 192.168.1.1 or 192.168.0.1 or 10.0.0.1. If none of those work, open a command prompt and type ipconfig (Windows) or check your network settings (Mac) to find the default gateway.
  2. Log in with your router admin credentials. If you never changed these, the default username and password are usually printed on a sticker on the router itself. Common defaults are admin/admin or admin/password.
  3. Find the section labeled Connected Devices, Attached Devices, DHCP Client List, or Wireless Clients. The exact name varies by manufacturer.
  4. Review every device on the list. Each entry typically shows a device name, MAC address, and IP address. Compare this to the devices you know are in your household — phones, laptops, tablets, smart TVs, game consoles, smart home devices.

Method 2: Use a Network Scanner App

If your router's admin panel is confusing or hard to access, free network scanner apps like Fing (iOS/Android), Angry IP Scanner (desktop), or Advanced IP Scanner (Windows) can scan your local network and list every connected device with its name, manufacturer, MAC address, and IP address. These apps are often easier to read than the router admin page.

Method 3: Check Your Router's App

Most modern routers from companies like TP-Link, Netgear, Asus, and Eero have companion smartphone apps that show connected devices in a cleaner interface than the web admin panel. If your router has an app, check there first — it is usually the quickest option.

What to Do If You Find Unauthorized Devices

If you spot devices that definitely do not belong to anyone in your household, here is the immediate action plan.

Step 1: Change Your WiFi Password Immediately

This is the single most effective action. Changing your WiFi password instantly disconnects every device on the network. Your own devices will need to reconnect with the new password, but so will any unauthorized users — and they will not know the new one. Go to your router's wireless settings, change the password to something strong (more on this below), and save.

Step 2: Change Your Router Admin Password Too

If someone was on your WiFi, they may have also accessed your router's admin panel using the default credentials. Change the router admin login password to something unique. This prevents anyone from modifying your settings even if they somehow get back on the network.

Step 3: Check for Settings Changes

While you are in the router admin panel, check that your DNS settings have not been changed (they should be set to automatic or your ISP's defaults), your firmware has not been downgraded, and no port forwarding rules or remote management options were enabled without your knowledge. A sophisticated attacker could have modified these to maintain access or intercept your traffic.

How to Lock Down Your WiFi So It Does Not Happen Again

Once you have kicked off unauthorized users, harden your network so they cannot get back on. These steps take about 15 minutes and make a dramatic difference.

Use WPA3 Encryption (or WPA2-AES at Minimum)

WPA3 is the current gold standard for WiFi encryption in 2026. It replaces WPA2's vulnerable four-way handshake with SAE (Simultaneous Authentication of Equals), which prevents offline dictionary attacks entirely. With WPA2, an attacker could capture your handshake and brute-force your password on their own hardware indefinitely. With WPA3, every password guess requires live interaction with your router, making brute force impractical.

Go to your router's wireless security settings and select WPA3-Personal if available. If your router or some older devices do not support WPA3, use WPA2/WPA3 transitional mode as a compromise, or WPA2-AES as a fallback. Never use WPA, WEP, or TKIP — these are broken and can be cracked in minutes.

ProtocolStatusCrack TimeRecommendation
WPA3-SAECurrent standardNot practically crackableUse this
WPA2-AESStill acceptableHours to days with weak passwordOK if WPA3 unavailable
WPA2-TKIPDeprecatedMinutes to hoursDo not use
WPABrokenMinutesDo not use
WEPBrokenSecondsDo not use

Set a Strong WiFi Password

The most common way people get on your WiFi is not hacking — it is guessing weak passwords. Avoid short passwords, dictionary words, addresses, phone numbers, pet names, or anything personally identifiable. Use a passphrase of at least 15 characters that combines random words with numbers and symbols. Something like correct-horse-battery-staple-92! is far stronger than P@ssw0rd123 and easier to remember.

Disable WPS (WiFi Protected Setup)

WPS lets you connect devices by pressing a button on the router or entering a short PIN instead of typing the full WiFi password. The problem is that the WPS PIN is only 8 digits and can be brute-forced in hours, completely bypassing whatever strong password you set. Disable WPS in your router settings. The minor convenience is not worth the security hole.

Update Your Router Firmware

Router manufacturers regularly release firmware updates that patch security vulnerabilities. Many routers have auto-update features — make sure yours is enabled. If not, check the manufacturer's website or your router's admin panel for updates every few months. Running outdated firmware is one of the most common ways routers get compromised.

Disable Remote Management

Remote management (sometimes called remote administration or WAN access) lets you access your router's admin panel from outside your home network. Unless you specifically need this feature — and most home users do not — disable it. It is an unnecessary attack surface that lets anyone on the internet attempt to log into your router.

Set Up a Guest Network

Instead of giving visitors your main WiFi password, create a guest network with a separate password. Guest networks are isolated from your main network, so guests cannot see your devices, shared files, or printers. When visitors leave, you can change the guest password without disrupting your own devices. Most modern routers support this — look for a "Guest Network" option in your wireless settings.

Advanced Security Measures (Optional but Effective)

MAC Address Filtering

Every network device has a unique MAC (Media Access Control) address. You can configure your router to only allow connections from specific MAC addresses — an allowlist approach. This adds a layer of defense, but be aware that MAC addresses can be spoofed by knowledgeable attackers, so this should supplement strong encryption, not replace it. It is effective against casual freeloaders.

Reduce WiFi Transmit Power

If your router's signal reaches well beyond your home — into the parking lot, neighboring apartments, or across the street — you are broadcasting an invitation. Some routers let you reduce the transmit power in advanced wireless settings. Lowering it so the signal covers your living space but fades outside your walls reduces the opportunity for neighbors to even see your network.

Monitor Your Network Regularly

Make it a habit to check your connected devices list periodically — once a month is enough. Some routers and apps can send notifications when a new device joins the network. Enable this feature if available. Catching unauthorized access early limits the damage.

Frequently Asked Questions

?>Is WiFi theft illegal?
In most US states and many countries, using someone's WiFi without permission is illegal under computer fraud and unauthorized access laws. However, enforcement is rare for casual use. The bigger concern for you as the network owner is the bandwidth impact, the security risk (they are inside your network), and potential liability if they use your connection for illegal activity — which would trace back to your IP address.
?>Should I hide my SSID (network name)?
Hiding your SSID provides almost no real security benefit. Hidden networks still broadcast probe requests that any free WiFi scanning tool can detect. Worse, hiding your SSID can cause connection issues with some devices and actually makes your devices less secure because they constantly broadcast the hidden network name while searching for it. Keep your SSID visible and focus on strong encryption and a strong password instead.
?>Can someone steal my WiFi if I have WPA3?
WPA3 makes it extremely difficult to crack your WiFi password through technical means. The SAE handshake eliminates offline brute-force attacks entirely. However, WPA3 does not protect against social engineering — someone could still get on your network if they learn your password through other means, like reading it off a sticky note on your router, or if you share it and never change it.
?>Does someone on my WiFi mean they can see my data?
Being on the same WiFi network does give someone the theoretical ability to intercept unencrypted traffic. However, most modern websites and apps use HTTPS encryption, which protects your data even on a shared network. The real risk is more about bandwidth theft, access to shared network resources (printers, NAS drives, shared folders), and your IP address being associated with their online activity.
?>How often should I change my WiFi password?
Change your WiFi password whenever you suspect unauthorized access, after a guest no longer needs it, or if you shared it widely (like for a party). Routine changes every 6 to 12 months are reasonable. More important than frequency is using a strong, unique password and WPA3 encryption. If you use a guest network for visitors, you can change that password frequently without disrupting your own devices.

WiFi Security Checklist

Run through this list to make sure your home WiFi is properly secured. Most of these settings are in your router's admin panel at 192.168.1.1 or via your router's app.

  • WiFi encryption set to WPA3-Personal (or WPA2-AES minimum)
  • WiFi password is 15+ characters and not a dictionary word, address, or default
  • Router admin password changed from the factory default
  • WPS disabled in wireless settings
  • Router firmware updated to the latest version
  • Remote management disabled unless specifically needed
  • Guest network enabled for visitors with a separate password
  • Connected devices list reviewed — no unknown devices present
  • DNS settings unchanged from ISP defaults (not redirected)
  • New device notifications enabled if your router supports it

Bottom Line

WiFi theft is a real and common cause of unexplained slow internet. The fix is straightforward: check your connected devices list, change your password if anything looks wrong, and harden your router settings. WPA3 encryption with a strong passphrase makes brute-force attacks impractical. Disabling WPS closes the most exploited shortcut. A guest network eliminates the need to share your main password.

Start with a speed test on pong.com to see if your connection is actually underperforming. If it is, check your connected devices before calling your ISP. The problem might be closer to home than you think.

// SPEED TEST

Measure your real-world speed, ping, jitter, and bufferbloat. Free, no signup required.

> Run Free Speed Test

// Related Posts

Advertisement
// READY TO TEST?

Use our free speed test to measure your ping, download, upload, and bufferbloat. No signup required.

> Run Speed Test