Recommend:
To the knowledge base
Knowledge document #3467

Protecting the FRITZ!Box

In addition to computers, smartphones and smart home devices, routers are also increasingly being targeted by hackers. For this reason, every FRITZ!Box is already protected by a unique password and a unique network key in the factory settings. Thanks to the integrated firewall, all devices connected to the FRITZ!Box are fully protected against attacks from the internet.

To offer your FRITZ!Box the best protection against attacks, observe the following security tips and adjust the settings of your FRITZ!Box, if necessary.

Note:All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Box.

1 Installing the latest FRITZ!OS

Regular updates of FRITZ!OS are an important part of our security concept. Since the attack methods used by hackers are constantly evolving, using the latest FRITZ!OS is indispensable for maximum security to reliably protect against new threats:

  1. Install the latest FRITZ!OS on the FRITZ!Box.

2 Changing the FRITZ!Box password

To prevent unauthorized persons from logging in to the FRITZ!Box with the password on the underside of the device and changing its settings, configure a new password:

  1. Change the password for the FRITZ!Box user interface.

3 Setting up secure telephony

To make sure that you are not charged for unauthorized calls to international numbers or premium-rate services, set up call blocks for calls to international numbers and premium-rate numbers:

  1. Set up call blocks for calls to international numbers and premium-rate numbers in the FRITZ!Box. Instead, you can also have your telephony provider block these number ranges.

4 Securing your Wi-Fi

If the FRITZ!Box is located somewhere where unauthorized persons can access it, configure a new network key and disable WPS (Wi-Fi Protected Setup) in the FRITZ!Box. This way, unauthorized persons cannot use the network key from the underside of the FRITZ!Box or push a button to use Wi-Fi to connect to the FRITZ!Box.

Change the network key

  1. Click "Wi-Fi" ("Wireless") in the FRITZ!Box user interface.
  2. Click "Security" in the "Wi-Fi" ("Wireless") menu.
  3. Click on the "Encryption" tab.
  4. Enable the option "WPA encryption".
  5. Enter a new password in the "Network key" field. Use numerals, letters, and other characters, and mix upper and lower case letters.
  6. Click "Apply" to save the settings.

Disabling WPS

  1. Click "Wi-Fi" ("Wireless") in the FRITZ!Box user interface.
  2. Click "Security" in the "Wi-Fi" ("Wireless") menu.
  3. Click on the "WPS Quick Connection" tab.
  4. Disable the option "WPS enabled".
  5. Click "Apply" to save the settings.

5 Setting up secure internet access

If you configured sharings in the FRITZ!Box so that the FRITZ!Box or devices in the home network can be accessed over the internet, we recommend checking the following settings:

Disabling services that are no longer needed

  1. Click "Diagnostics" in the FRITZ!Box user interface.
  2. Click "Security" in the "Diagnostics" menu.
  3. In the "FRITZ!Box Services" section, check which services are set up for access from the internet in the FRITZ!Box.
  4. Disable the services that you no longer need.

    Note:MyFRITZ!Net requires the service "Internet access to the FRITZ!Box (HTTPS)".

Using individual account information

  1. Click "System" in the FRITZ!Box user interface.
  2. Click "FRITZ!Box Users" in the "System" menu.
  3. Give all users unique usernames. Do not use usernames that are easy to guess, such as admin, guest, fritzbox, remote, or user.
  4. Give all users unique passwords that are strong enough. Do not use any passwords that are easy to guess or ones that you already use for other services, such as an email account, Amazon, Facebook, or Google.

    Note:You can find information on strong passwords in our guide Everything you need to know about strong passwords, for example. A password manager like Bitwarden or KeePass can help you keep track of things while also generating cryptographically complex passwords.

Using an alternative HTTPS port

  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click "Permit Access" in the "Internet" menu.
  3. Click on the "FRITZ!Box Services" tab.
  4. In the field "TCP port for HTTPS", enter an unused port from the range 1024 to 65535 instead of the default port 443. This makes it more difficult for unauthorized persons to determine whether it is even possible to access the FRITZ!Box via HTTPS.
  5. Click "Apply" to save the settings.



Related topics:

Language selection