How to Use MetaMask Safely: 10 Must-Do Settings
I'll be honest: I've had my fair share of close calls with crypto wallets over the years. That one time I almost approved a transaction to a sketchy smart contract still gives me nightmares. And I'm not alone. With crypto scams becoming increasingly sophisticated, your MetaMask wallet needs more protection than ever before.
The good news? MetaMask has actually built in some powerful security features that most users never bother to set up. Taking 15 minutes to configure these settings could literally save you thousands of dollars. Here are the 10 essential MetaMask settings I recommend to everyone, from crypto newbies to seasoned traders.
1. Enable Advanced Gas Controls
The default gas settings in MetaMask are fine for basic transactions, but they leave you vulnerable to failed transactions and wasted ETH. Head to Settings > Advanced and toggle on "Advanced gas controls." This gives you much more control over your transaction fees and helps prevent those infuriating failed transactions that still cost you gas.
With this enabled, you'll be able to adjust the gas price and gas limit for each transaction. During high network congestion, this can be the difference between a transaction going through quickly or getting stuck for hours. It also helps you avoid overpaying when the network is quieter.
2. Turn on Hardware Wallet Support
Even if you don't own a hardware wallet yet, you should enable this setting immediately. Go to Settings > Advanced and toggle on "Preferred Ledger connection type."
Why? Two reasons. First, it makes the eventual transition to a hardware wallet seamless when you're ready to take that step (which I highly recommend once your crypto holdings exceed $1,000). Second, some phishing sites specifically look for this setting; if it's enabled, certain scam sites will actually show errors because they can't properly interface with hardware wallets.
3. Set Up Auto-Lock Timer
Your wallet should never stay unlocked when you're not using it. Go to Settings > Security & Privacy and adjust the "Auto-Lock Timer" to 5 minutes or less. I personally use 3 minutes.
This ensures that even if you walk away from your computer or someone else uses it, your wallet automatically locks itself, requiring your password to access it again. It's a small inconvenience that provides major protection.
4. Enable Enhanced Token Detection
This setting helps protect you from fake tokens and scams. Navigate to Settings > Security & Privacy and turn on "Enhanced token detection."
With this enabled, MetaMask uses trusted token lists to verify the legitimacy of tokens in your wallet. It won't catch everything, but it adds an extra layer of validation that can help you avoid interacting with fraudulent tokens designed to trick you.
5. Turn Off Automatic ETH Sign Requests
This is one of the most important changes you can make. Go to Settings > Security & Privacy and toggle OFF "Auto-detect and sign messages."
By default, MetaMask will automatically prompt you to sign messages when websites request it. The problem is that malicious sites can use these signature requests to drain your wallet. By turning this off, you force sites to request permission before even showing you a signature request. It's an extra step in your workflow, but it gives you crucial time to evaluate whether a site should be trusted with your signature.
6. Set Up a Custom RPC for Each Network
Don't rely on MetaMask's default RPC endpoints. They're often congested and can be unreliable. Instead, set up custom RPC connections for each network you use.
For Ethereum Mainnet, I recommend using Alchemy or Infura endpoints (you'll need to create free accounts). For other networks like Polygon or Arbitrum, find trusted RPC providers. Having reliable connections not only speeds up your transactions but also prevents you from getting frustrated and rushing through security checks when the network seems slow.
To add a custom RPC, go to Settings > Networks > Add Network, then enter the details for your preferred provider.
7. Enable Test Networks Only When Needed
If you're not actively developing or testing something, hide all test networks. Go to Settings > Advanced and toggle OFF "Show test networks."
Keeping test networks visible creates confusion and increases the risk of sending real assets to test addresses (which means they're gone forever). Many scams also try to trick users into switching to fake networks that look like test networks. Only enable this feature when you specifically need it for development or testing purposes.
8. Turn On Security Alerts
MetaMask can warn you about suspicious sites and potential phishing attempts. Go to Settings > Security & Privacy and ensure "Use Phishing Detection" is enabled.
This setting checks websites against known scam databases and alerts you before you connect your wallet to dangerous sites. It's not perfect, but it catches many common phishing attempts and provides valuable warnings.
9. Set Up Token Approval Limits
This is crucial for preventing unlimited spending approvals, one of the biggest security risks in DeFi. Go to Settings > Experimental and toggle on "Enable spending cap limits for ERC20 approvals."
With this enabled, MetaMask will suggest reasonable approval limits instead of the default unlimited approvals that most dApps request. This ensures that even if a contract you've approved is compromised, the attacker can only access a limited amount of your tokens.
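One way to see what an approval actually grants before you confirm it, as an added example that is not MetaMask's own code: it decodes the ERC-20 approve() calldata shown in a transaction's data tab (selector 0x095ea7b3) and flags the uint256-max value that dApps request as an "unlimited" allowance, comparing anything smaller against your balance. The spender address and balance are constructed placeholders.

```javascript
// Added example (not MetaMask's own code): decode an ERC-20 approve() call and
// flag the "unlimited" spending cap before you sign. Plain Node.js, no dependencies.

// Selector for approve(address,uint256): first 4 bytes of keccak256("approve(address,uint256)").
const APPROVE_SELECTOR = "095ea7b3";
// The uint256 maximum that most dApps request as an "unlimited" allowance.
const UINT256_MAX = (1n << 256n) - 1n;

// ABI-encode approve(spender, amount); used below only to construct sample calldata.
function encodeApprove(spender, amount) {
  const addr = spender.toLowerCase().replace(/^0x/, "").padStart(64, "0");
  const amt = BigInt(amount).toString(16).padStart(64, "0");
  return "0x" + APPROVE_SELECTOR + addr + amt;
}

// Decode approve() calldata into { spender, amount }; null if it is not an approve() call.
function decodeApprove(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (hex.length !== 8 + 64 + 64 || hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  const spender = "0x" + hex.slice(32, 72);         // address = low 20 bytes of the first word
  const amount = BigInt("0x" + hex.slice(72, 136)); // second word, big-endian uint256
  return { spender, amount };
}

// Rate an approval against the wallet's token balance (both in base units).
//   unlimited: the uint256 max, covers any balance you will ever hold
//   excessive: more than you currently hold, so a compromised spender could drain later deposits
//   bounded:   a cap at or below your balance, the behaviour the spending-cap setting aims for
function assessApproval(calldata, balance) {
  const decoded = decodeApprove(calldata);
  if (decoded === null) return { kind: "not-approve" };
  let risk = "bounded";
  if (decoded.amount === UINT256_MAX) risk = "unlimited";
  else if (decoded.amount > BigInt(balance)) risk = "excessive";
  return { kind: "approve", spender: decoded.spender, amount: decoded.amount, risk };
}

// Constructed sample input: a placeholder spender and a wallet holding 5,000 tokens (18 decimals).
const SPENDER = "0x1111111111111111111111111111111111111111"; // placeholder, not a real contract
const BALANCE = 5000n * 10n ** 18n;
const UNLIMITED_CALL = encodeApprove(SPENDER, UINT256_MAX);     // what most dApps ask for
const CAPPED_CALL = encodeApprove(SPENDER, 1000n * 10n ** 18n); // a 1,000-token cap

console.log("unlimited request:", assessApproval(UNLIMITED_CALL, BALANCE).risk);
console.log("capped request:   ", assessApproval(CAPPED_CALL, BALANCE).risk);
```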
10. Configure Multiple Accounts with Different Risk Profiles
This isn't a single setting but a strategy I strongly recommend. Create at least three different accounts in your MetaMask:
- A "cold" account that never connects to any websites and only receives/holds funds
- A "warm" account for trusted, established dApps like Uniswap or Aave
- A "hot" account with minimal funds for experimenting with new protocols
You can create new accounts by clicking on your profile icon and selecting "Create Account." Label them clearly, and develop strict personal rules about how much you keep in each and what types of interactions you allow.
Bonus: What Settings to Never Change
While we're at it, here are two settings you should NEVER disable:
Never turn off "Privacy Mode" - This prevents websites from seeing your accounts unless you explicitly connect to them.
Never disable "Sign-in with Ethereum" - This feature helps verify that you're interacting with legitimate websites.
Final Thoughts
Setting up these 10 security features might take you 15-20 minutes now, but they could save you from becoming yet another crypto hack statistic. The reality is that most MetaMask users who get their funds stolen weren't using these basic protections.
Remember: in crypto, security isn't something you set and forget. Make a habit of reviewing your connected sites (Settings > Connections) at least once a month and revoking access to any sites you no longer use. And always, always double-check transaction details before confirming.
What security settings do you use for your MetaMask wallet? Have I missed any important ones? Let me know in the comments; we all benefit from sharing best practices in this space.
DISCLAIMER
This article is for informational purposes only and does not constitute financial advice. Cryptocurrency investments involve substantial risk and extreme volatility - never invest money you cannot afford to lose completely. The author may hold positions in the cryptocurrencies mentioned, which could bias the presented information. Always conduct your own research and consider consulting a qualified financial advisor before making any investment decisions.