Before you arrive: one thing to do at home
Most of the work happens before you travel, not at the hotel. If you're going to any country with internet restrictions — China, UAE, Russia, Iran — your VPN must be downloaded and configured before you land. App stores are blocked in these countries. You can't fix this after you arrive.
⚠ Critical for China, UAE, Russia, Iran
The App Store and Google Play are blocked in China and Iran. VPN apps cannot be downloaded once you're inside the country. Install NordVPN on every device you're bringing, enable obfuscated servers, and test it before you board.
For everywhere else — the process below works at check-in with no prep required, as long as you already have a VPN installed.
The 5-step process at check-in
- Ask the front desk for the exact wifi network name. Don't assume the most visible network is legitimate. "Hotel_Guest_WiFi" and "HotelGuestWifi" look similar but one could be an "evil twin" — a fake network set up to intercept traffic. Ask staff: "What's the exact name of your wifi network?" and match it character by character.
- Connect to the verified network. Once connected, you'll typically get a captive portal — a login page that opens in your browser asking for a room number, last name, or a password from the front desk. Complete this before doing anything else.
- Enable your VPN immediately after the captive portal. Once the captive portal is complete, your traffic is flowing through the hotel network unprotected. Open your VPN app and connect before doing anything else — checking email, opening apps, anything. NordVPN auto-connect handles this automatically if you've set it up beforehand.
- Verify the VPN is actually connected. Don't assume. Check the VPN app shows "Connected." For extra certainty, visit whatismyip.com — it should show the VPN server's IP address, not your hotel's IP. This takes 10 seconds and confirms you're protected.
- For banking or sensitive accounts, use mobile data instead. Even with a VPN, your mobile data connection is a private, unshared network. If you need to access financial accounts, switch to 4G/5G rather than wifi. It's a separate network that bypasses the hotel entirely.
✓ The auto-connect shortcut
In NordVPN settings, enable "Auto-connect" on untrusted networks. After completing the captive portal, the VPN activates automatically on any network that isn't your saved home wifi. You don't have to remember step 3 — it happens on its own.
What to do if the VPN blocks the captive portal
Some hotel captive portals don't load when a VPN is active — the portal needs an unencrypted connection to redirect you to the login page. If you hit this issue:
Temporarily disable the VPN, complete the captive portal login, then immediately re-enable the VPN before doing anything else. This is a 30-second window of unprotected connection — minimal risk as long as you're not sending any data.
NordVPN and most modern VPNs handle this gracefully with a "captive portal detection" feature that pauses the VPN just long enough for the portal to load, then reconnects. Check your settings to see if it's enabled.
What you don't need to worry about
With a VPN running, the main risks of hotel wifi are addressed. There are a few things that get more attention than they deserve:
HTTPS sites without a VPN — the content is already encrypted. Someone on the same network can see that you visited a site but not what you did there. This is real but not catastrophic for most browsing.
Hotel staff reading your traffic — possible technically but almost never happens proactively. The logs exist for legal compliance, not surveillance. A VPN makes the logs useless anyway.
The hotel stealing your passwords — on HTTPS sites (virtually everything today), passwords are encrypted in transit. The hotel cannot read them.
Free Download
The Traveler's Digital Security Checklist
The full pre-travel and at-hotel checklist — including VPN setup, network verification, and everything else worth doing.
No spam. Unsubscribe anytime.
Frequently asked questions
For casual browsing on HTTPS sites, the risk is low. Passwords on HTTPS sites are encrypted. The main concerns are DNS logging (the hotel can see which sites you visit) and poorly secured networks where other guests could monitor traffic. A VPN eliminates both concerns with one step.
You can't know for certain — you don't control the network. Even hotels with good IT departments run shared networks where other guests are connected simultaneously. The safest assumption is that any wifi network you don't control is potentially monitored, and use a VPN accordingly.
You need a VPN with obfuscated servers — standard VPNs are detected and blocked by censorship systems in China and partially in the UAE. NordVPN's obfuscated servers disguise your VPN traffic as normal web traffic. Enable this before you board — you can't configure it after arrival if you're heading to China.
Ethernet is faster and slightly more secure in that other guests can't connect to the same physical cable. But the hotel's router still handles all traffic, so logging and monitoring is still possible. Use a VPN on ethernet too — the same rules apply.
The VPN we travel with
NordVPN — auto-connects at check-in
Set auto-connect once and it activates automatically every time you join a new wifi network. Works in China and UAE. No-logs policy audited by PwC.
Get NordVPN — Save up to 69% →* Affiliate link — we earn a commission at no cost to you.