UPnP (Universal Plug and Play) is the feature that lets devices on your network automatically open the ports they need - so a game console, security camera, or torrent client "just works" without you touching router settings. It is convenient. It has also been a recurring security weakness, and some 2026 botnets have spread through vulnerable UPnP services on home routers. So should you disable it?

What UPnP actually does

Normally, incoming connections from the internet are blocked by your router's firewall unless you deliberately set up port forwarding. UPnP lets devices request those openings themselves, automatically, without your approval. That is great for plug-and-play convenience and the reason most people never have to think about ports.

Why it is a security concern

  • Any device can open a door. Malware already on your network can use UPnP to expose itself to the internet, no questions asked.
  • Buggy UPnP implementations. Some routers have had flaws in the UPnP service itself - exploitable directly, and a path that botnets have used to take over devices.
  • WAN-side UPnP. A misconfigured router that accepts UPnP requests from the internet (not just your LAN) is especially dangerous. This should never be enabled.

So, should you disable it?

For most homes, turning UPnP off is the safer default, and you can always make exceptions. The trade-off is that some applications may need manual setup afterward:

  • Online gaming and party/voice chat sometimes rely on UPnP for the best connection ("open NAT").
  • Some cameras, VoIP, and remote-access tools use it to be reachable from outside.

If everything in your home works without it, leave UPnP off. If a specific app or console breaks, you have two good options.

Safer alternatives

  1. Manual port forwarding for the one device that needs it. It is more work but you control exactly what is open - see how to set up port forwarding and is port forwarding safe?
  2. Set a static IP for that device first so the rule does not break - see how to set a static IP address.

How to turn it off

Log into your router (see how to access router settings), then look under Advanced, NAT Forwarding, or Firewall for a "UPnP" toggle and disable it. While you are there, confirm remote management is off too.

The bigger picture

Disabling UPnP is one piece of router hardening. Combine it with current firmware, a non-default admin password, and WPA3 from the best home network security plan. If you are worried your router was already abused, check is your router part of a botnet?