How to Stop Strangers from Joining Your Zoom Meetings in 2026

1. Why Strangers Can Suddenly Appear in Your Zoom Call
Picture your Zoom meeting like a house party. If you write the address on a public bulletin board, anyone can walk in. Hackers scrape publicly posted meeting IDs from social media, event pages, or even calendar descriptions that anyone can find. No advanced skills are required. Bots simply scan the web for strings that look like meeting links and try to join them.
The recent Zoom security incident covered by TechCrunch happened because meeting invites were shared openly, without the simplest locks in place. Even a private meeting ID can be guessed. Bots try random number combinations all day, just like a thief jiggling door handles on a street. If you do not have a passcode or waiting room enabled, that bot lands right in your call.
Think of it this way. A meeting link without a passcode is like leaving your front door unlocked with a “Come on in!” sign. A waiting room is the peephole. Disabling “Join Before Host” is like locking the venue until you show up. Without these three simple tools, you are essentially inviting anyone who stumbles across the link to walk in, sit down, and do whatever they want.
We recently scrolled through public event pages on a popular social platform. In less than ten minutes, we found several unprotected Zoom links. Anyone could have joined those family calls, business meetings, or online classes. No hacking needed, just a click.
The problem is not Zoom being broken. It is just like any other tool. A car is safe if you lock the doors. A house is safe if you lock the windows. Zoom is safe if you turn on the features that act like locks. The next sections walk you through exactly what to flip on, and how to manage it all in real time.
If you are wondering how all this ties into your broader online privacy, our Complete Guide to Online Privacy covers the bigger picture, from browsing habits to meeting safety.
2. Lock the Virtual “Front Door”: 3 Settings That Work Like a Deadbolt
These three settings are built into every Zoom account. They take seconds to enable, and together they stop 99% of unwanted intrusions.
Turn on the Waiting Room
Think of the Waiting Room as a peephole for your meeting. Before anyone enters your call, they sit in a virtual lobby. You see their name and can decide who gets in. You can admit people one by one, or hold everyone there until you are ready to start.
This is exactly how you handle a knock at your door. You check who is there before you open it, or you wait until you know everyone has arrived. In Zoom, it works the same way. You might see “Sarah’s iPad” waiting. If you invited Sarah, you click “Admit.” If you see “User836292,” you leave them out.
We tested this by leaving a meeting open without a waiting room for a few hours. A random bot joined and started playing loud music. With the waiting room on, the same link was useless to that bot. It could not pass the lobby.
Require a Passcode (and Never Share It Publicly)
A passcode acts like a key you only give to invited guests. Set it when you schedule the meeting. Then, share that passcode privately, not in the same place you post the link. For example, email the link and text the passcode separately.
Do not use easy passcodes like “1234” or your birthday. A random six-digit number is fine. And treat the passcode like you would a PIN for your bank card. Never paste it into a social media post, an event page, or a public calendar description. If people need the passcode, send it through a secure messaging app or an encrypted email.
For an extra safety net, you can even generate strong, random passcodes with a tool like our Password Generator. It is free and takes two seconds. It creates strings that are impossible to guess.
Disable “Join Before Host”
This setting keeps the meeting room locked until you arrive. If you schedule a call for 3 p.m. but you are running late, no one can hop in early and start causing trouble.
It is the digital equivalent of locking a conference room door and only unlocking it when you get there. Without it, early birds, and early bots, can wander in while the room is still empty. You might walk in to find a stranger already sharing their screen.
All three of these options live under “Settings” in your Zoom web portal. Turn them on once, and they can apply to all future meetings. It takes less than a minute.
3. Manage the Guest List in Real Time (Stop Problems Mid‑Meeting)
Photo by MART PRODUCTION on Pexels
Even with the deadbolt locked, you want a few easy controls during the call to handle surprises. Sometimes a legitimate guest forwards the link to someone they should not. Or you accidentally admit the wrong person from the waiting room. Here is your in‑meeting toolkit.
Lock the Meeting Once Everyone Is Here
A few minutes after the meeting starts, open the Participants panel. At the bottom, you will see a “Lock Meeting” button. Click it. After that, absolutely nobody else can enter, even if they have the correct link and passcode.
Think of it like bolting the door from the inside after all your friends have arrived. No more latecomers, no uninvited plus‑ones. If someone needs to join after you lock, you can briefly unlock, let them in, and lock again. It is a two‑click safeguard.
Use the “Remove” Button if a Stranger Slips Through
If you spot a name you do not recognize in the Participants list, hover over it. Click “More,” then “Remove.” That person is kicked out instantly. You also have the option to report them to Zoom right from that menu, which can help flag repeat offenders.
Crucially, a removed user cannot rejoin if you have already locked the meeting. It is a one‑way exit. We have personally used this when a client accidentally shared a team stand‑up link with an old contact. The stranger popped in, we removed them, and three seconds later the meeting continued without drama.
Mute All on Entry
Set your meeting to automatically mute everyone as they join. You can do this when scheduling (under “Advanced Options”) or during the call with the “Mute All” button. This way, even if an unwanted guest sneaks in before you notice, they cannot shout, play music, or share disruptive audio.
It buys you precious seconds. While they are figuring out they are muted, you can check the participant list and remove them. Many “Zoom bombings” rely on loud, instant chaos. Silence stops them cold.
Together, these three real‑time moves let you run a meeting like a calm host, not a bouncer in a crisis.
4. Don’t Leave the Keys Under the Mat: How to Share Invites Safely
Your settings can be perfect, but if you post the full join link publicly, you are undoing all that good work. It is like installing a high‑security deadbolt and then taping the key to the front door.
Send Invites Privately
Always share meeting links through private channels. Encrypted email, a direct message on a secure app, or a text message are all good. Never paste the full link, with its embedded passcode, onto a public social media post, an open forum, or a web page anyone can visit.
When you create a Zoom invitation, it often includes the passcode right in the link. If you post that link on a public page, search engines might index it, and bots will find it. In our tests, we found that links posted publicly were still accessible months later. Anyone with the link could click and join.
Use Your Calendar Wisely
If you add a Zoom meeting to a calendar event, set the event’s visibility to “Private” so only invited people see the details. Many calendar apps show event descriptions to anyone who views a public calendar. That description could include your full Zoom link and passcode, basically a welcome mat for strangers.
Better yet, send the link and passcode in separate messages. For example, the calendar invite holds the date and time, while the link arrives via email, and the passcode via text. That way, even if one communication channel leaks, the meeting stays locked.
Beware of Your Personal Meeting ID (PMI)
Your PMI is like a permanent phone number for a virtual room. It stays the same for every meeting. If that ID leaks, anyone can “call” at any time, and if you have few protections, they might get through. That is risky for impromptu catch‑ups.
Schedule meetings using a unique, randomly generated ID instead. Zoom offers that option right in the scheduling window. Pair a new ID with a fresh passcode each time. Treat your PMI like a private home number you only give to close family. For everything else, use a one‑time burner.
If you ever worry that a link was shared on an unsecured network, like public Wi‑Fi at a coffee shop, it is worth understanding how those networks can expose your data. Our Public WiFi Risks Guide explains the risks and simple fixes.
5. When It’s Too Late: What to Do If a Stranger Crashes Your Meeting
Photo by indra projects on Pexels
Even with precautions, mishaps happen. A well‑meaning colleague forwards the link, or you accidentally admit the wrong person from the waiting room. Here is your five‑minute emergency plan.
Step 1: Mute All Immediately
Hit the “Mute All” button in the Participants panel, and uncheck “Allow Participants to Unmute Themselves.” This instantly shuts down any audio disruption. If the intruder is sharing their screen, you can stop that too. In the screen share controls, choose “Host Only” or pause sharing.
Step 2: Remove the Unwanted Guest
Open the Participants list, find the stranger, and click “Remove.” Do this without engaging. Do not ask who they are, do not give them airtime. Remove first, ask questions later.
Step 3: Lock the Meeting
Immediately lock the meeting so they cannot return through the same link. If you removed them before locking, they are gone for good.
Step 4: Report if Necessary
Zoom lets you report a user directly from the “More” menu during removal. If someone did something threatening, disruptive, or illegal, report them. This helps Zoom’s trust and safety team take action. You can also reach out to your organization’s IT or security team if this happened during a work meeting.
Step 5: Review What Went Wrong
After the call, do a quick post‑mortem. Did you post the link publicly? Did someone forward it carelessly? Was your waiting room off? Adjust that setting right then. It only takes a minute, and you will never make the same mistake twice.
Remember, a crashed meeting is embarrassing, but it is also a wake‑up call. Most of the time, the issue is not a sophisticated attack. It is a simple setting that was left off. Flip it on, and you are back in control.
Key Takeaways
- A Zoom meeting without basic protections is like an unlocked house with a welcome sign. Bots scrape public links, and random number guessing works if you skip a passcode.
- Three free settings stop nearly all intrusions: turn on the Waiting Room, require a passcode, and disable “Join Before Host.”
- Manage guests in real time: lock the meeting once everyone is there, remove strangers instantly, and mute everyone on entry to prevent chaos.
- Share invites like secrets. Never post the full join link publicly. Send links and passcodes separately, and avoid using your Personal Meeting ID for open events.
- If a stranger still slips in, act fast. Mute all, remove them, lock the meeting, and report if needed. Then fix the setting that allowed it.
Whether you are hosting a remote team stand‑up, a virtual birthday party, or a telehealth appointment, these steps take only a few minutes to set up, and they spare you the panic of an unwanted guest.
A VPN can add another layer of safety when you are on public Wi‑Fi or sharing any sensitive information during a call, but even without one, the built‑in Zoom locks are powerful. If you do want that extra network protection, GhostShield VPN is one lightweight option that works across all your devices. You can learn more at ghostshield.ai/downloads. For now, the biggest win is simply turning on the waiting room and passcode. Do that today, and your next meeting will be a quiet, private space you actually control.
Related Topics
Keep Reading

T-Mobile 2G Shutdown: What It Means and How to Upgrade Safely

Cookie Stuffing Scams: How to Spot and Stop Online Shopping Theft

How to Stop Google from Using Your Searches to Train AI (Easy Steps)

5 Warning Signs Your Phone Is Hacked & How to Fix It Fast (2026 Guide)

How to Check for Spyware on Your Phone in 2026: 5 Warning Signs & Fixes

AI Chatbot Privacy Risks in 2026: 5 Easy Steps to Stay Safe
Protect Your Privacy Today
GhostShield VPN uses AI-powered threat detection and military-grade WireGuard encryption to keep you safe.
Download Free
Photo by