What can hackers do with an IP address and Wi-Fi password?

Hack the planet!! Oh wait... So you're really concerned for not too big of a deal. They know your ISP, which isn't too much information. You stated your IP has changed, for someone to guess your new IP (without knowing much else about your network) would be fairly difficult. This difficulty increases in relation to the number of customers your ISP is servicing. But let's assume these fowl people know your current IP address. Most home routers are set to not accept incoming connections unless an outgoing request is first initiated. In addition most routers, by default, do not allow access to the management page via the WAN interface; this is for security reasons. If you have any services in your network that accept connections (say a server of sorts), then I would take caution and ensure they any version of software responding to incoming requests is up-to-date and there are no known security vulnerabilities. Of course, if you are super paranoid, you could use the proven time-tested method:

As a home user you mostly need only be fearful of your router with things like: http://arstechnica.com/security/2014/12/18/12-million-home-and-business-routers-vulnerable-to-critical-hijacking-hack/ So best advice: keep your router firmware up to date, keep the firewall on (and DMZ off), turn off remote management in your router settings and make sure your router management password is something hard to guess (your wifi key too, in case some neighbours target you - and use WPA not WEP). This is just generally good advice though. IP addresses are not secret on the internet; nor is location. You can see this by visiting http://whatismyipaddress.com/There is no reason why you are any more vulnerable to attack than any of the rest of us. Any site that any of us goes to has the information you have described. And if your router is secure and remote management is switched off, then even with the right IP address and the right password, they won't be able to access it. Also the chances of some forum operators specifically targeting you are basically nil unless they think you are a high-value target for some specific reason (e.g. you're super rich and they know it). And if they did target you it would probably not be through trying to "hack your IP address". More likely a phishing attack via email with bad attachments, or an oldschool attack using online research and social engineering (calling companies and using any details they have about you to trick them into giving your home address). Again, anyone with a profile on the internet is vulnerable to those things, whether using a dodgy forum or not. In terms of a router attack, you're much more likely to be targeted by some random script kiddies scanning IP address blocks for insecure routers with specific vulnerabilities or hosts running without firewalls in DMZ than you are to be targeted by some forum admins. So in short, to quote a sadly missed author: Don't Panic

With a Wi-Fi password, they can connect to your personal Wi-Fi network and get access to your network. From there, they can access your assets on that network or launch attacks to other networks. This is bad. With an IP address, they can perform a vulnerability scan and determine weaknesses. They can exploit these weaknesses to gain access to the system represented by this IP address.

I see what he is doing here. I am an owner of a few forums as well, and it seems what he is doing is something very basic. So your IP address is your identity on the internet. Its just like a phone number. If you call someone from your telephone, the other person can see your telephone number. In a similar way when you visit a website, you have to give your identification id (IP address) to the owners of the website (in this case administrator). This is a screenshot of one of the web forum's administrator control panel. Just like you see 123.123.123.123 in the sample, the admin can see your IP address. From your IP address if he does a WHOIS -  https://who.is/whois-ip/ip-address/203.0.178.191  (Replace 203.0.178.191 with your IP). So its very simple to get all the information that the admin has about you, and at least by this much information its very hard to do any damage to you. And no, it is not possible to crack your Wifi password (as its on your private LAN and not on a public IP) or hack your computer from this much information. Only possible thing he can do is run a port scanner to look for open ports. And there is a high probability that you have a dynamic IP Address  assigned to you by your ISP, which means your IP address changes to something different once you reset your router. And there is no way the admin can come to know about it, once changed unless you go to his website again. So from my experience, I can say there is nothing to worry and there is not too much damage he can do to you. But make sure you don't download any files that he gives to you.

Your IP address is like a unique phone number over the Internet. Your router is like a phone hooked into the line. Each connection over the Internet needs to be accompanied by an extension (port). Computer connections work like this: Call the phone with the number and extension request information get information hang-up Whenever someone calls your router (unless you've told it to do otherwise by opening and forwarding extension numbers), your router assumes that others don't need to be bothering you. Instead of an exchange of information, your router simply hangs up instantly. Having your IP address means nothing.

An attacker cannot get your WiFi password from just your IP address, unless you are incredibly sloppy (e.g. you run a webserver on your computer with no access control, and there's a file that says "list of passwords"). That kind of thing does happen occasionally in industry - someone puts sensitive data on an internal webserver, then someone else changes the network so now it's public. All webserver operators have your public IP address - it's how websites know where to send the page you just requested. They can't do anything with that (except guess your location, or DoS you - slow down your connection) unless you are sloppy. Most personal computers now are not running any services by default, and are not sharing files to the internet unless you turn that on, and  some networks block file-sharing protocols anyway. A hacker can't do an SQL injection attack on your computer if you aren't running a webserver, don't have an SQL server, or don't have any stupidly vulnerable code on your website. In the past, I admit, there were occasions when that wasn't true. The ping-of-death for instance could knock machines down with a single command - I once took out about 30 printers doing a vulnerability scan. But now Microsoft and Apple and Linux etc. have had 20 years to harden their network software against that kind of thing. If you look at your network connection with a scanner such as Wireshark, you will see scans going on all the time. If you had a vulnerable service, someone would find it. They don't care who you are, they just want a computer to co-opt into a botnet. The fact that some particular person knows which is your computer makes little difference, except that they might be able to try passwords based on your public profile, in the unlikely event that you were running an SSH server with your dog's name as your password.

There are two very different things here. External IP address and Internal Wifi password. The two are very different points of attack. With an external IP, getting your wifi password would be counter-profuctive. Instead, a hacker will port scan your IP for any holes and start trying to punch through them. Your wifi password won't be important because he will get access inside and will try to exploit something else in your network to gain control. (Remote command prompt, remote desktop...) That is if his goal is to get information. If he wants to annoy you he can simply DDoS you and knock you off the web until you change IP, and even then, the good ones can still find you. For the Wifi password, it's actually a lot simpler but requires proximity to your wifi network, which means he knows where you live. Probably by tracing your IP, or tracing you online to figure out where you are. He could then start brute forcing your wifi password (which is simpler than you think). Once he gets the password he could setup a rogue access point near your home with a massive antenna so that all your wifi traffic goes there. A rogue access point will capture everything sent to it and relay your signal to wherever you want to go. He will then be able to see everything you do by wifi. Regardless of all of the above, I would recommend to invest in a nice firewall with an Intrusion Prevention System. Setup logs and learn to read them. Do not answer obvious phishing emails and change your wifi password or use it exclusively with mobile devices with no important information whatsoever. And get yoursel a tin foil hat, because when you see the amount of port scans you get daily by automated sources that you never even provoked you will probably just want to roll into a ball and cry. I didn't even touch phishing scams or social engineering but those could also be used especially since the people know a bit about you on the older forums...