What is UPnP, and why should you disable it?

UPnP (Universal Plug and Play) is a networking protocol that automatically connects devices on the same network. It is commonly used for streaming media, online gaming, and communication between smart home devices. However, it provides hackers a doorway to steal data or add malware to your devices.

To prevent this, you’ll need to know what UPnP is and whether you should turn it on or off.

What is UPnP?

UPnP is a protocol that allows devices within the same network range to connect via standard protocols like HTTP (Hypertext Transfer Protocol), TCP/IP (Transmission Control Protocol/Internet Protocol), or DHCP (Dynamic Host Configuration Protocol). It automatically opens and closes ports so that devices can communicate with each other without any issues. 

For example, if you set up a new smart TV at home, you can use UPnP to connect it to your network without going through complicated settings. This makes it super convenient for users in home networks, as it reduces the hassle of manual configurations.

How UPnP works

UPnP follows a six-step process to keep everything running smoothly. Let’s break it down to understand how it manages your network:

1. Addressing: devices request IP (Internet Protocol) addresses from the network using DHCP or assign one if the server is unavailable.
   
2. Discovery: they announce their presence on the network through SSDP (Simple Service Discovery Protocol) to find and communicate with other devices.
   
3. Description: they then provide detailed information, such as model, services, and control URLs, to help other devices understand their capabilities.
   
4. Control: they exchange control messages in XML (Extensible Markup Language) with SOAP (Simple Object Access Protocol) to interact and execute commands.
   
5. Eventing: they send event notifications to other devices when their state changes to keep others updated.
   
6. Presentation: at last, they provide a web interface (presentation URL) for users to control or view its status through a browser.

These steps ensure smooth communication between devices, but UPnP’s job doesn’t end there. One of its most important functions — managing network ports — happens behind the scenes during the control and eventing steps.

As devices communicate and share updates, they often need specific network ports open. UPnP takes care of this by automatically opening and closing network ports. It uses port forwarding (a network technique that directs incoming internet traffic to a specific device or service within a private network) to connect your devices without changing router settings.

This automatic port management makes device communication easier. Without it, you’d need to manually set up port forwarding, which may be complex and time-consuming.

Common uses of UPnP

Since UPnP simplifies connectivity, it’s widely used across many households and industries. Here’s how:

• Gaming consoles: automatically configures the network settings for consoles like the Xbox, Nintendo Switch, and PlayStation. This allows users to easily jump into their favorite multiplayer games without dealing with complicated port forwarding or Wi-Fi network issues;
  
• Streaming devices: allows devices such as Apple TV and Roku to discover and stream content from your home network. This way, you can easily access media stored on your devices, like music, photos, and videos, without manually setting up connections;
  
• Internet of Things (IoT) devices: smart devices like lights, cameras, and thermostats use UPnP to connect with your home network. With this, you can control your smart lights or security cameras conveniently through your smartphone;
  
• Remote home surveillance: UPnP can also add remote home surveillance systems like ring cameras to your home network to help you monitor your property from anywhere. It’s also suitable for digital assistants like Amazon Alexa and Google Assistant, which allow you to control your smart home using your voice.

Is UPnP safe?

Although UPnP offers convenience, it comes with severe security concerns that make many of us wonder: should I disable UPnP? The short answer is yes, but let’s understand why:

• Security risks: since many routers have WAN (Wide Area Network) access enabled by default, UPnP allows devices on your local network to communicate with unauthorized devices. That means malicious actors could access your network to exploit these open pathways and manipulate devices or even take control of network equipment;
  
• Lack of authentication and authorization: with UPnP, devices can communicate with one another without verifying their identities or permissions. So, an attacker could easily send commands to a device on the network to compromise it or redirect its traffic. As there are no strict measures in place, any device that understands UPnP could theoretically interact with others, which can lead to potential security breaches;
  
• Vulnerabilities: hackers can use UPnP to discover and manipulate IoT devices such as security cameras or smart locks. They do so by creating backdoors in your network and adding malware to increase DDoS (Distributed denial of service) attacks.

By understanding these risks, you can now decide whether the convenience of UPnP is worth the potential security trade-offs for your specific situation.

Should you disable UPnP?

Let’s be honest — UPnP does offer convenience. It automatically sets up connections for your gaming consoles, video chat apps, and smart home devices. But this convenience also comes with risks. It can be difficult to decide whether to keep UPnP on or off, so first, let’s understand this:

Turning on UPnP changes your NAT (Network Address Translation) type, which is risky and exposes your network to outside entities. That’s why, for most people, turning off UPnP is the safer choice. You should also consider disabling it if:

• You’re worried about online security;
• You have sensitive data on your network;
• You don’t need devices to connect automatically;
• You don’t mind taking a few extra steps to set up devices.

Yes, disabling it means you’ll have to manually set up port forwarding for some devices or apps. But the extra security is worth the small hassle. If you still decide to keep UPnP on, make sure to:

• Update your router’s firmware regularly;
• Turn off UPnP access from the internet if your router allows it;
• Keep an eye on which devices are connecting to your network.

How to enable or disable UPnP on your router

Here’s a step-by-step guide to enable or disable UPnP through your router settings:

Find your router’s IP address

First, find your IP address — to do so, follow these steps:

On Windows

1. Press Windows + R to open the Run dialog box.
2. Enter cmd in the dialog box to open your Command Prompt.
3. Write ipconfig in the Command Prompt and press Enter.
4. Look for the Default Gateway address, usually in this format: 192.168.1.1. This would be your IP address.

On macOS

1. Click on the Apple menu and select System Preferences/Settings.
2. Go to Network, select your network connection, and click Advanced.
3. Under the TCP/IP tab, you’ll see your IP address.

On mobile devices

1. For iOS: Go to Settings > Wi-Fi> Connected network > IP address.
2. For Android: Go to Settings > Wi-Fi > Connected network > IPv4 address.

Access your router settings

1. Open the web browser and enter your IP address in the search bar.
2. You will be asked to enter a username and password. Use your default credentials here — they’re usually on a sticker on the back or front of your router.

Note: If you’ve changed the credentials and can’t remember them, you may have to reset the router to factory settings.

Find UPnP settings

3. After logging in, look for a section labeled Advanced, Settings, or Network Settings.
4. You may find UPnP under subcategories like WAN Settings, LAN Settings, or NAT Forwarding.
5. Find the option UPnP or UPnP Settings.
6. To enable UPnP, check the box next to it or select Enable.
7. To disable UPnP, uncheck the box or select Disable.
8. After making your changes, make sure to click Save or Apply to confirm the changes.

Restart your router (optional)

For some routers, you may be prompted to reboot or restart the device to apply changes. To do so, look for the restart option in the router settings or simply unplug the router, wait a few seconds, and plug it back in.

If you’re not comfortable changing these settings, most router brands have helpful guides on their websites. When in doubt, check your router’s manual or contact your internet service provider for help.

Tips for understanding UPnP settings

Here are some of my tips to help you with your UPnP enabling or disabling process:

• Look for help sections: many routers have built-in help sections or tooltips that can guide you through specific settings;
• Check the manufacturer’s documentation: if you’re having trouble, go through your router’s manual or visit the manufacturer’s website for specific instructions related to your model;
• Search online: if you’re stuck and can’t identify the right settings option, Google your router’s brand and model for specific instructions, and you may find some help.

Alternatives to UPnP for secure connections

Now that you know why you should disable UPnP, you may have decided to turn it off. So, don’t worry — there are still safe options for connecting your devices. Here are two of them:

Manual port forwarding

Manual port forwarding is the process of manually configuring your router to allow external devices to access specific services on your local network. It requires selecting which ports should be open and directing incoming traffic to the right device.

This is slightly more technical but also more secure than UPnP. You even get to hand-pick the devices instead of leaving all the ports open for outsiders to interfere.

Here’s how it works:

1. First, you find which application or service you want to access remotely.
2. Look up the specific port number the service uses, such as 80 (HTTP) or 443 (HTTPS).
3. Log into your router’s admin page and go to the port forwarding section.
4. Enter the port number and the local IP address of the device you want to forward traffic to.
5. Save the settings and, if necessary, restart your router.

VPNs

While manual port forwarding is good, combining it with a reputable VPN (Virtual Private Network) like Surfshark makes your setup even more secure. A VPN creates a safe and encrypted gateway between your device and the internet, even when ports are open. This setup helps protect your data from unauthorized users and keep your network connections private.

With a VPN, you can securely access your home network and devices while on public Wi-Fi or traveling without exposing your network to potential vulnerabilities.

Get enhanced network security with Surfshark VPN

Even though UPnP poses some security risks, you don’t always have to disable it. After all, it is the easiest method for less advanced users to connect their devices.

If you are worried about online hackers or malware getting into your systems through UPnP, we recommend enabling a reputable VPN like Surfshark. That way, you can connect to secure servers around the globe and keep your online activities private from prying eyes.

Frequently Asked Questions

Should UPnP be enabled?

No, it’s safer to disable UPnP after you have used it to connect your devices. This will help protect your network from potential security risks like hacking or malware.

What does UPnP do on Xbox?

UPnP allows Xbox to automatically open necessary network ports to improve online gaming performance and multiplayer connectivity without manual setup.

Is it bad to disable UPnP?

No, disabling UPnP is better for security and doesn’t affect your network in any way. However, without UPnP, you may have to configure devices manually.