How to Disable WPS on Your Router

WPS (WiFi Protected Setup) was designed in 2006 to make it easier to connect devices to WiFi without typing a password. It works via a button or an 8-digit PIN. The PIN method has a fundamental cryptographic flaw discovered in 2011 that allows the PIN to be brute-forced in 4,000–11,000 guesses — not the 100 million you would expect from an 8-digit number. Tools like Reaver and Bully automate this attack and can crack WPS PIN access in under 4 hours.

The WPS button method is less risky (requires physical access to the button) but WPS as a whole should be disabled unless you are actively using it. Most modern devices no longer need it — they connect via password, QR code, or an app.

How to Disable WPS by Brand

NETGEAR

1. Log in at 192.168.1.1 or routerlogin.net
2. Go to Advanced → Advanced Setup → Wireless Settings
3. Scroll to the WPS section
4. Uncheck Enable WPS or toggle it to Disabled
5. Click Apply

TP-Link

1. Log in at 192.168.0.1
2. Go to Advanced → Wireless → WPS
3. Toggle WPS to Disabled
4. Click Save

Note: On some TP-Link models, there is a physical WPS/WiFi button on the router. Disabling WPS in software prevents the PIN attack but the physical button may still trigger a WPS pairing attempt on some firmware versions. The software disable is still the important step.

ASUS

1. Log in at 192.168.50.1
2. Go to Wireless → WPS tab
3. Set Enable WPS to No
4. Click Apply

Linksys

1. Log in at 192.168.1.1
2. Go to WiFi Settings → WiFi Protected Setup
3. Toggle WPS off
4. Click OK

D-Link

1. Log in at 192.168.0.1
2. Go to Setup → Wireless Settings
3. Click Manual Wireless Network Setup
4. Uncheck Enable WPS
5. Click Save Settings

Xfinity Gateway

1. Log in at 10.0.0.1
2. Go to Gateway → WiFi
3. Click Edit on your network
4. Find WPS settings and disable

Note: Some ISP gateways do not expose WPS controls in the user-facing admin panel. If you cannot find WPS settings, your ISP may have already disabled it, or it may not be exposed — contact your ISP to confirm.

The WPS PIN Vulnerability Explained

The WPS PIN is 8 digits, but the last digit is a checksum — effectively 7 meaningful digits. More critically, the WPS authentication protocol checks the first 4 digits and second 4 digits separately. This reduces the keyspace from 10 million (10^7) to just 11,000 combinations (10^4 + 10^3). Modern attack tools can test all possibilities in under 4 hours on most routers, recovering your WPA2 password regardless of how strong it is.

Some router manufacturers patched this by adding lockout timers (blocking additional attempts after X failures). However, implementations vary, many routers reset the counter after reboot, and the attack is slow enough to avoid some lockout thresholds.

After Disabling WPS

Existing devices remain connected — disabling WPS does not disconnect anyone. New devices must connect by entering the WiFi password manually. For devices that previously needed WPS (because they lack a keyboard), use the router's QR code feature (if available) or set the device up via its companion app, which handles the password exchange securely.

Other Security Steps to Take

While you are in the router admin panel securing WPS, also check:

• Change the admin password if still on the factory default — see default passwords list
• Enable WPA3 or WPA2/WPA3 mixed mode — see WPA2 vs WPA3
• Update firmware — see firmware update guide
• Disable remote management if you do not need to access the router from outside your home
• Enable guest network for IoT devices — see guest WiFi setup