Hide your IP, remove “online” status, and enable Chat Lock. A complete guide to WhatsApp’s hidden settings
Step by step: PINs, locks, advanced options, and chat “locks”.
Step by step: PINs, locks, advanced options, and chat “locks”.
Meta’s* end‑to‑end encrypted messaging app is used by billions of people. Here’s how to make sure you’re among the most protected users.
WhatsApp is one of the most popular messaging apps in the world—and that very popularity makes it a convenient target. In late 2025, researchers described a new account takeover scheme called GhostPairing, where a user is tricked into linking an attacker’s browser to their WhatsApp. At the same time, researchers showed that contact discovery mechanisms can be scaled to collect large amounts of publicly available profile data.
End‑to‑end encryption remains the foundation: when implemented correctly, it protects message and call contents from interception in transit. But it doesn’t help if the device is infected with spyware, if an attacker gains physical access to the phone, or if the user themselves confirms dangerous actions. That’s why WhatsApp’s privacy settings matter just as much as encryption itself.
1) Privacy Checkup: see what others can see
Start with Settings → Privacy → Privacy Checkup. Here you can limit who sees your profile photo, “About” info, and status.
To reduce your digital footprint, configure Last Seen/Online so outsiders can’t see when you’re active. In the same section, you can manage who’s allowed to contact you: block unwanted calls and messages, control who can add you to groups, mute calls from unknown numbers, and review your blocked contacts list.
2) Disappearing messages: shorten the lifespan of chats
Even with end‑to‑end encryption, messages can be read if the phone is compromised or accessed physically. Disappearing messages help reduce the impact by setting a time after which messages are deleted.
WhatsApp lets you choose 24 hours, 7 days, or 90 days. You can enable this for all chats or for individual conversations. To make it the default for new personal chats, go to Settings → Privacy → Default message timer and select a duration.
Important: this is not a “guaranteed deletion.” The recipient can still take screenshots or forward messages, so trust still matters.
3) Two‑step verification: a PIN as a second factor
WhatsApp accounts are tied to phone numbers, which opens the door to SIM‑level attacks and social engineering. Two‑step verification with a PIN makes account takeover much harder.
Enable it via Settings → Account → Two‑step verification → Turn on (or Set up PIN). Choose and confirm a PIN, and add an email for recovery if possible. WhatsApp also supports passkeys—if available on your device, that’s another strong layer of protection.
4) App Lock and Chat Lock: secure the app and sensitive chats
Even the most secure messenger is useless if message previews are visible to people around you. Check your phone’s notification settings and disable content previews on the lock screen if needed.
Then lock WhatsApp itself: Settings → Privacy → App Lock. On iPhone this uses Face ID or Touch ID; on Android, fingerprint unlock.
For extra‑sensitive conversations, use Chat Lock. Open a chat, tap the contact name, scroll down, and enable Lock Chat. Locked chats are hidden in a separate folder and open only with biometrics. If needed, you can quickly wipe them via Settings → Privacy → Chat Lock → Unlock and Clear Locked Chats.
5) Advanced settings: enable what’s off by default
WhatsApp includes advanced toggles that actually help against spam and some de‑anonymization methods, but they’re often disabled by default. Go to Privacy → Advanced.
- Block Unknown Messages — reduces the risk of message floods commonly used by scammers.
- Protect Your IP Address — hides your IP during calls by proxying them through WhatsApp’s infrastructure. Possible downside: call quality may drop slightly.
- Disable Link Previews — turns off automatic link previews, which in some scenarios can leak extra data.
6) Advanced Chat Privacy: keep conversations inside the app
Advanced Chat Privacy limits actions that often lead to leaks: exporting chats outside WhatsApp, automatic media downloads to the recipient’s device, and using messages for AI features.
- For personal chats: open the conversation → View Contact → Advanced Chat Privacy → enable.
Note: this setting must be enabled separately for each chat. - For groups: Group Info → Group Permissions → enable Edit Group Settings (or restrict permissions so members can’t change settings without an admin), then find Advanced Chat Privacy in Group Info and enable it.
Caveat: users on older versions of WhatsApp may have weaker enforcement of some restrictions, and you won’t always be notified.
7) Disable Read Receipts: fewer behavioral signals
Blue checkmarks show when a message has been read. Useful—but not always private. Disable them via Settings → Privacy → Read Receipts.
This works both ways: you’ll also stop seeing read receipts from others. It doesn’t apply to group chats.
8) Turn off auto‑saving media and use view‑once
By default, WhatsApp often saves photos and videos to your gallery, which isn’t ideal for privacy or organization. Disable auto‑saving via Settings → Chats → Save to Photos (turn it off).
You can also send photos, videos, and voice messages as view‑once. Before sending, tap the “1” icon in the caption field so the media can be opened only once.
Extra tips
These steps complement everything above and often provide quick security gains:
- Regularly review Linked Devices and disconnect anything unfamiliar—this is the best way to catch suspicious WhatsApp Web sessions early.
- Set a SIM PIN and secure your carrier account and cloud backups.
- Keep WhatsApp and your OS updated—many attacks rely on outdated versions and delayed updates.
- Never approve device linking at the request of “support” and never share codes. Almost every takeover starts with social engineering.
