Before you arrive: one thing to do at home

Most of the work happens before you travel, not at the hotel. If you're going to any country with internet restrictions — China, UAE, Russia, Iran — your VPN must be downloaded and configured before you land. App stores are blocked in these countries. You can't fix this after you arrive.

⚠ Critical for China, UAE, Russia, Iran

The App Store and Google Play are blocked in China and Iran. VPN apps cannot be downloaded once you're inside the country. Install NordVPN on every device you're bringing, enable obfuscated servers, and test it before you board.

For everywhere else — the process below works at check-in with no prep required, as long as you already have a VPN installed.

The 5-step process at check-in

✓ The auto-connect shortcut

In NordVPN settings, enable "Auto-connect" on untrusted networks. After completing the captive portal, the VPN activates automatically on any network that isn't your saved home wifi. You don't have to remember step 3 — it happens on its own.

What to do if the VPN blocks the captive portal

Some hotel captive portals don't load when a VPN is active — the portal needs an unencrypted connection to redirect you to the login page. If you hit this issue:

Temporarily disable the VPN, complete the captive portal login, then immediately re-enable the VPN before doing anything else. This is a 30-second window of unprotected connection — minimal risk as long as you're not sending any data.

NordVPN and most modern VPNs handle this gracefully with a "captive portal detection" feature that pauses the VPN just long enough for the portal to load, then reconnects. Check your settings to see if it's enabled.

What you don't need to worry about

With a VPN running, the main risks of hotel wifi are addressed. There are a few things that get more attention than they deserve:

HTTPS sites without a VPN — the content is already encrypted. Someone on the same network can see that you visited a site but not what you did there. This is real but not catastrophic for most browsing.

Hotel staff reading your traffic — possible technically but almost never happens proactively. The logs exist for legal compliance, not surveillance. A VPN makes the logs useless anyway.

The hotel stealing your passwords — on HTTPS sites (virtually everything today), passwords are encrypted in transit. The hotel cannot read them.

Free Download

The Traveler's Digital Security Checklist

The full pre-travel and at-hotel checklist — including VPN setup, network verification, and everything else worth doing.

No spam. Unsubscribe anytime.

Frequently asked questions

For casual browsing on HTTPS sites, the risk is low. Passwords on HTTPS sites are encrypted. The main concerns are DNS logging (the hotel can see which sites you visit) and poorly secured networks where other guests could monitor traffic. A VPN eliminates both concerns with one step.

You can't know for certain — you don't control the network. Even hotels with good IT departments run shared networks where other guests are connected simultaneously. The safest assumption is that any wifi network you don't control is potentially monitored, and use a VPN accordingly.

You need a VPN with obfuscated servers — standard VPNs are detected and blocked by censorship systems in China and partially in the UAE. NordVPN's obfuscated servers disguise your VPN traffic as normal web traffic. Enable this before you board — you can't configure it after arrival if you're heading to China.

Ethernet is faster and slightly more secure in that other guests can't connect to the same physical cable. But the hotel's router still handles all traffic, so logging and monitoring is still possible. Use a VPN on ethernet too — the same rules apply.

The VPN we travel with

NordVPN — auto-connects at check-in

Set auto-connect once and it activates automatically every time you join a new wifi network. Works in China and UAE. No-logs policy audited by PwC.

Get NordVPN — Save up to 69% →

* Affiliate link — we earn a commission at no cost to you.