Security Checklists
Home Network Security Checklist 2026
May 29, 2026 · 7 minute read · SentinelHome101
This checklist covers every item you should verify to make sure your home network is properly secured. Work through it top to bottom, tackle the critical items first, and revisit it once a year or any time you make significant changes to your network.
Each item includes a short explanation of why it matters and what to do about it. If something is already taken care of, check it off and move on. If you find something that needs fixing, do it before continuing to the next item.
Critical, fix immediately
Router and WiFi
Router admin password changed from default
Log into your router (type your Default Gateway address into a browser). If you can log in with admin/admin, admin/password, or any other factory default, change the password immediately. Default credentials are publicly listed online.
WiFi using WPA2 or WPA3 security
Go to your router's wireless settings and confirm the security protocol is WPA2-AES or WPA3. WPA (TKIP), WEP, and open networks are all insecure and should be changed immediately.
UPnP disabled
Universal Plug and Play lets devices automatically open firewall ports without your permission. This includes malware. Find the UPnP setting in your router's advanced settings and turn it off.
Remote management disabled
Remote management allows access to your router's admin interface from outside your home network. Unless you have a specific need for this, it should be off.
Router firmware is up to date
Check your router's admin interface for a firmware update option. Router manufacturers release updates that patch security vulnerabilities. Running outdated firmware leaves known holes open.
DNS servers are legitimate
Check your router's WAN DNS settings. They should point to a known service like Cloudflare (1.1.1.1), Google (8.8.8.8), or your ISP. Unknown DNS addresses can indicate your router has been compromised.
WPS disabled
WiFi Protected Setup has documented security vulnerabilities in many implementations. Disable it in your router's wireless settings unless you actively use it.
Guest network isolated from main network
If you have a guest network, verify in your router settings that guest network isolation is enabled. This prevents guest devices from accessing devices on your main network.
Devices on Your Network
All connected devices are accounted for
Check your router's connected devices list and verify every device. Any device you can't identify is a potential security risk. Change your WiFi password if you find something you don't recognize and cannot explain.
IoT devices on guest or separate network
Smart speakers, cameras, thermostats, and other IoT devices are frequently vulnerable. Keeping them on a separate network or guest network limits the damage they can do if compromised.
Default passwords changed on IoT devices
Smart home devices frequently ship with default credentials. Change the admin password on every connected device, including smart TVs, cameras, printers, and routers.
Windows Endpoint Security
Windows Defender or antivirus is active and up to date
Open Windows Security from the Start menu and verify real-time protection is on and definitions are current. Windows Defender is capable protection for most home users and it's already installed.
BitLocker disk encryption enabled
Search for BitLocker in the Start menu and verify encryption is on for your main drive. Without encryption, anyone with physical access to your machine can read all your files, regardless of your login password.
Windows is fully patched
Go to Settings, then Windows Update, and install any pending updates. Unpatched Windows vulnerabilities are among the most commonly exploited attack vectors in home network compromises.
Windows Firewall enabled on all profiles
Search for Windows Defender Firewall in the Start menu and verify it is on for Domain, Private, and Public network profiles.
Secure Boot enabled
Check Secure Boot status in System Information (search msinfo32 in the Start menu). It should show "Secure Boot State: On."
Screen lock set to auto-lock after inactivity
Go to Settings and search for screen timeout. Set it to lock after 5 to 15 minutes of inactivity. Require a password to unlock.
No unexpected user accounts exist
Go to Settings, then Accounts, then Other users. Verify you recognize every account listed. Unauthorized accounts can be a sign of a previous compromise.
Backup and Recovery
Important files backed up off-device
Documents, photos, and other irreplaceable files should be backed up to a cloud service or an external drive that is not permanently connected. Ransomware will encrypt whatever it can reach.
Backups tested and verified
A backup you have never tested is not a backup, its a guess. Periodically try to restore a file from your backup to verify it actually works.
How often should you run through this checklist? Once a year for the full list. Revisit the router and device sections any time you add a new device, change your internet provider, or reset your router.
Automating the Technical Checks
The router configuration, device discovery, and Windows endpoint items on this checklist can all be checked automatically. SentinelHome101 runs all of them as part of its 101-point network security scan, flags anything that needs attention, and explains exactly how to fix each issue in plain English. Rather then working through each check manually, you can run a scan and get all the results at once.
Run this checklist automatically
SentinelHome101 checks all of the above and 70 more items in a single scan. Free for Windows.
Download Free