🔒 MikroTik routers have several built-in services enabled by default, such as Telnet, FTP, and others. While these services are useful in some environments, they are often outdated or insecure.
As a best practice, you should disable any services you’re not actively using. This will reduce your router’s attack surface. It will also harden its overall security. In this guide, you’ll learn how to easily disable unused services through both Winbox/WebFig and the Terminal (CLI).
Table of Contents
🛠 Steps to Disable Unused Services on MikroTik Router
✅ Option 1: Using Winbox or WebFig (GUI)
- Log in to your MikroTik router using Winbox or a web browser.
- Go to IP > Services.
- You will see a list of available services:
- telnet
- ftp
- www (WebFig)
- ssh
- api
- api-ssl
- winbox
- For each service you don’t use:
- Select the service.
- Click the “X” (disable) button at the top of the window.
- You can also change the available IP addresses under “Available From” to restrict access only from trusted sources.
After you click on Services it will pop up new tap
To disable the services, you need to select the services that you want to disable and click on X
Now the services are disabled
If you want to enable these services again, just select them and click on Text as above
✅ Option 2: Using Terminal / CLI
You can also disable services using the MikroTik terminal:
/ip service disable telnet
/ip service disable ftp
/ip service disable www
/ip service disable api
/ip service disable api-ssl
⚠️ Note: Do not disable
winboxorsshif you’re using them to manage the router remotely. Disable only what you don’t use.
If you want to limit access to certain services rather than disabling them completely:
/ip service set ssh address=192.168.88.0/24
This command limits SSH access to the 192.168.88.0/24 subnet only.
✅ Recommended Services to Disable (If Not Used)
| Service | Description | Status (if unused) |
|---|---|---|
| telnet | Unencrypted remote access | Disable |
| ftp | File transfer protocol (insecure) | Disable |
| www | Web GUI (use Winbox instead) | Disable |
| api | API access for automation | Disable |
| api-ssl | Secure API | Disable if unused |
Disabling unused services on your MikroTik router is a simple but powerful security measure. Turn off services like Telnet and FTP. They are outdated and insecure. By doing so, you significantly reduce the chances of unauthorized access or exploitation. Always remember: the fewer services exposed, the smaller your attack surface.
Take a few minutes to review your MikroTik configuration today and disable what you don’t need. It’s a quick step that can save you from major security issues down the road.
MikroTik routers are widely known for their reliability. They offer advanced features and affordability. These qualities make them a top choice for both home users and network professionals. If you’re setting up or upgrading your network, it’s worth considering one of their many models. You can find trusted MikroTik routers on Amazon here: 👉 Check MikroTik routers on Amazon
Once your router is in place, take immediate action to disable unused services. Focus on services like Telnet and FTP, as they should be turned off. These services are occasionally useful. However, they are often not encrypted. If left enabled unnecessarily, they can expose your router to security risks.
Discover more from How To Kh
Subscribe to get the latest posts sent to your email.