Ok, this isn't quite the numpty question that it first appears and here's my reasoning: Firstly, there's no threat at all from inside my network from malicious household members, naughty kids etc. So no one's gonna log into it and screw it up. What about an infected PC? Well, I don't remember ever getting a malware infection in the 15+ years I've had PCs since I take all the usual precautions, so this is a very unlikely problem. Secondly, the external web interface is switched off so no one can attempt to try and log in to it. Thirdly I have the SPI firewall switched on. I leave it like this, because I find it very convenient to leave the default password as it is since it prevents me having to do a potential router factory reset should I forget it and can't find it written down somewhere. So, if you think I have a gaping security hole here, I'd like to hear about it. EDIT: I have Wi-Fi turned off on my router too. It's ethernet only for me.