It’s not every day that the humble Wi-Fi router makes news headlines, but TP-Link has been given the spotlight over the past year.
The company is under federal investigation for alleged ties to Chinese cyberattacks and potential predatory pricing. More than half a dozen US government departments and agencies are backing a proposal to ban the routers, according to a Washington Post report released last week.
Despite the negative press, I haven’t bought a new Wi-Fi router just yet.
I’ve been covering the internet world for more than six years. For the past two years, I’ve used a TP-Link router. I’ve never had an issue with it — minimal buffering, solid range and no outages (that I could blame on the router, anyway).
In our recent round of Wi-Fi router testing, TP-Link performed admirably, earning an Editors’ Choice award for the best budget router.
It’s been a thorny issue to navigate for me personally, and for readers. Can I honestly recommend a company that’s facing a potential ban in the US? Is my own data at risk? Do I need to replace my router?
These questions started swirling around in my head in December of 2024, when the Wall Street Journal reported that the US government was weighing a ban on TP-Link routers due to the company’s ties to several high-profile Chinese cyberattacks. Three months later, Rep. Raja Krishnamoorthi, a Democrat from Illinois, held up a TP-Link router in Congress and said, “Don’t use this.”
Chinese corporate records and government announcements show that the company still employs about 11,000 people in China. But TP-Link representatives strenuously denied to me that the company has any links to the Chinese government.
When the news broke last year, I asked four cybersecurity experts whether they would still use a TP-Link router. One gave a strong “no,” another said there is “risk for a consumer,” and two declined to answer the question directly.
Spend any time shopping for Wi-Fi routers and you’ll notice that TP-Link’s routers are often cheaper than competitors. Of the 32 routers we tested for our review, TP-Link accounted for eight of the nine cheapest models.
The Justice Department is investigating whether these low prices violate federal law, which prohibits companies from selling products for less than they cost to manufacture, according to a recent Bloomberg report.
“To date, TP-Link Systems Inc. has not received any inquiry from the Department of Justice regarding these matters,” a TP-Link representative said in a statement. “We do not sell products below cost and maintain a policy of transparency in our business practices, ensuring fair pricing for our valued customers.”
I didn’t factor the pending investigations into our testing, and I felt it was important to evaluate TP-Link on its own merits. After all, it made up around 65% of router sales last year, according to the Journal report.
Ultimately, I decided to include the TP-Link Deco X55 Pro as our pick for a budget router. It was the only router with above-average performance for under $100, and I thought it was important that we offer readers a cheap option that still gets the job done.
After all, I use a TP-Link router myself, and I have no plans to replace it. Privacy and security are important to me, but I don’t lose any sleep over the TP-Link issue.
Knowing that I follow some basic best practices for network security gives me some peace of mind, but it’s also a matter of risk tolerance.
Itay Cohen was one of the authors of a 2023 report that identified a firmware implant in TP-Link routers linked to a Chinese state-sponsored hacking group. He told me in a previous interview that similar implants have been found on devices manufactured all over the world.
“I don’t think there’s enough public evidence to support avoiding routers from China outright,” Cohen said. “The vulnerabilities and risks associated with routers are largely systemic and apply to a wide range of brands, including those manufactured in the US.”
That risk is greater with TP-Link, in my opinion — when the smoke is three separate federal investigations, there’s probably fire somewhere — but it isn’t necessarily a bigger risk to you individually.
The hacks associated with TP-Link have used hijacked routers to target think tanks, government organizations, nongovernmental organizations and Defense Department suppliers.
Cybersecurity experts I spoke with recommended following some basic steps, regardless of the type of router you use: Ensure your firmware is up to date, use strong login credentials and consider using a VPN service.
I’ll continue to update our Wi-Fi router recommendations as I learn new information about the TP-Link investigations. Right now, I still feel comfortable recommending them.
