Browse Definitions :

Universal Plug and Play (UPnP)

What is Universal Plug and Play (UPnP)?

Universal Plug and Play (UPnP) is a standard that lets network devices automatically find, communicate with and control each other. It is used by routers, computers, printers, game consoles and IoT devices. It uses industry standard protocols such as IP, HTTP and Extensible Markup Language. It is designed for home use.

UPnP is designed as a simple way for home users to connect network devices without needing to configure them or deal with incompatible standards. They can simply plug everything into their home network and everything will work seamlessly.

UPnP is considered a consumer technology. It does not scale well for large organizations and should not be used on company networks.

Is UPnP Safe?

UPnP is considered safe for home use, but many devices may use UPnP to configure themselves or other devices in an insecure way. It is often recommended to disable it.

To illustrate a problem with UPnP, think of a network-connected security camera. The user might expect that their camera video is private. However, it automatically let anyone on the internet watch its footage. It does this by being configured out of the box to use UPnP to open a port on the router to the internet.

Imagine a home network as an apartment building where every device is a different apartment, and the router is the locked front door to the building. Most neighbors are diligent about not letting strangers into the building.  Other neighbors might accidentally leave the front door to the building open, letting anyone in. A bad neighbor might actively let undesirable people into the building. This shows how one device can compromise network security accidentally.

9 elements of network security
It is often recommended to disable UPnP due to potential network security issues.

Is UPnP needed for gaming?

Most modern games don't need UPnP and instead use server polling. In this type of communication, the game console or computer talks to a central server only and gets all the data it needs to work.

Some games may still use UPnP to set up multiplayer games. This is most common when one game console or computer acts as a server or host and needs to accept incoming connections from the internet. The local device uses UPnP to set up port forwarding and inbound firewall rules on the router to let traffic from the internet into the home network.

Instead of using UPnP, manual rules can be used on a home router. This usually requires custom configuration for each device or game and may be difficult for some home users. It is more secure than using UPnP, however.

types of gamers
Most games nowadays don't need UPnP to communicate.

What is an UPnP media server?

An UPnP media server is a way to stream media, such as pictures, music and video, on a home network from one device to another using a standard UPnP-based communication protocol. One device acts as a server and has all the media stored on it. The server is configured to accept commands using UPnP. A client can then communicate with the server to start streaming the content. Digital Living Network Alliance is an additional media server standard that uses UPnP.

Popular UPnP-compatible media servers include the following:

  • Plex.
  • Kodi.
  • Jellyfin.
  • Some ASUS routers.
  • Some D-Link routers.
  • Synology NAS.

How does UPnP work?

UPnP uses several standard networking protocols to function. It uses HTTP sockets running on an IP network. UPnP devices listen on UDP port 1900 for incoming requests. When a device joins the network, it will send a broadcast or multicast request to all devices on the network seeking other devices, known as control points. This is known as Simple Service Discovery Protocol (SSDP).

Once another control point is found, the devices communicate directly with each other by IP address. The device publishes information about itself in an XML file. This will contain data such as its name, manufacturer, serial number, available services and available commands. The devices can then communicate by passing commands or actions to each other over HTTP.

How to disable UPnP?

UPnP may be turned on or off on each device that uses it. Most commonly, however, UPnP is disabled on the network router to prevent devices from opening security holes into the network.

Consult a router's documentation for detailed directions on how to disable UPnP. Simplified steps include the following:

  • Go to the router's settings page and log in. This can often be done by going to in a web browser.
  • Go to the network settings page. This may be under "advanced" options, firewall or WAN.
  • Set UPnP to disabled.

See how how to secure your home network while working from home. Learn about 12 common network protocols and their functions. Explore network security management best practices and challenges.

This was last updated in August 2023

Continue Reading About Universal Plug and Play (UPnP)

  • firewall as a service (FWaaS)

    Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic analysis ...

  • private 5G

    Private 5G is a wireless network technology that delivers 5G cellular connectivity for private network use cases.

  • NFVi (network functions virtualization infrastructure)

    NFVi (network functions virtualization infrastructure) encompasses all of the networking hardware and software needed to support ...

  • cybersecurity

    Cybersecurity is the practice of protecting internet-connected systems such as hardware, software and data from cyberthreats.

  • Advanced Encryption Standard (AES)

    The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the U.S. government to protect classified ...

  • operational risk

    Operational risk is the risk of losses caused by flawed or failed processes, policies, systems or events that disrupt business ...

  • Risk Management Framework (RMF)

    The Risk Management Framework (RMF) is a template and guideline used by companies to identify, eliminate and minimize risks.

  • robotic process automation (RPA)

    Robotic process automation (RPA) is a technology that mimics the way humans interact with software to perform high-volume, ...

  • spatial computing

    Spatial computing broadly characterizes the processes and tools used to capture, process and interact with three-dimensional (3D)...

  • OKRs (Objectives and Key Results)

    OKRs (Objectives and Key Results) encourage companies to set, communicate and monitor organizational goals and results in an ...

  • cognitive diversity

    Cognitive diversity is the inclusion of people who have different styles of problem-solving and can offer unique perspectives ...

  • reference checking software

    Reference checking software is programming that automates the process of contacting and questioning the references of job ...

Customer Experience
  • martech (marketing technology)

    Martech (marketing technology) refers to the integration of software tools, platforms, and applications designed to streamline ...

  • transactional marketing

    Transactional marketing is a business strategy that focuses on single, point-of-sale transactions.

  • customer profiling

    Customer profiling is the detailed and systematic process of constructing a clear portrait of a company's ideal customer by ...