Can someone hack my Wi-Fi and see what I'm doing online?
If someone accesses your Wi-Fi network, they can potentially intercept unencrypted traffic, but HTTPS protects the content of most web browsing; the main practical risks are bandwidth theft and being on the same network as a malicious device.
Last reviewed: 10 June 2026
Explanation
A person on your Wi-Fi network sits in a position where they can potentially see the traffic flowing through the router. The extent of what they can read depends heavily on encryption. Since most websites now use HTTPS, an attacker on your network sees that you connected to a site, but the content of what you sent and received — passwords, messages, page content — is encrypted and unreadable without breaking TLS.
For unencrypted connections (older sites using plain HTTP, some older smart home devices), data can be read in plain text. DNS queries — the lookups your browser makes to convert website names to IP addresses — may also be visible, revealing which sites you visited even when the content is hidden. Using an encrypted DNS service (DNS over HTTPS) reduces this exposure.
If someone gains access to your router itself rather than just your Wi-Fi, the risk increases significantly: they can redirect DNS queries, intercept traffic before it's encrypted, or set up rogue access points. Router access is obtained through default or weak admin passwords, or through unpatched firmware vulnerabilities.
The practical remediation is strong: use WPA3 or WPA2 encryption on your Wi-Fi with a long, unique password; change the router's admin password from the factory default; keep router firmware updated; and consider placing smart home devices on a separate guest network so a compromised device doesn't have access to your computers.
Common red flags
- Unknown devices appear in your router's connected device list
- Your internet feels much slower than usual with no other explanation
- Your router is using its factory default admin password
- You use a public Wi-Fi network and are accessing sensitive accounts
- Your router has an old firmware version and the manufacturer has published security updates
What to do now
- Log in to your router admin panel and review the list of connected devices — remove any you don't recognise
- Change your Wi-Fi password to a long, unique one if it is weak or shared widely
- Change your router's admin password from the factory default
- Check for and apply any available firmware updates for your router
- Set up a separate guest network for IoT and smart home devices
- On public Wi-Fi, avoid accessing banking or other sensitive accounts unless using a VPN
- Enable DNS over HTTPS in your browser settings to reduce DNS visibility
Frequently asked questions
Can a neighbour using my Wi-Fi actually steal my passwords?
For HTTPS sites, no — those passwords are encrypted in transit. The bigger concern is bandwidth theft, router security, and potentially malicious traffic from a device they introduce to your network.
Does a VPN protect me on public Wi-Fi?
A reputable VPN encrypts all traffic between your device and the VPN server, effectively shielding your activity from anyone on the local network including the access point operator. Choose a paid VPN with a clear no-logs policy.