This is a little checklist I wrote a long time ago. It’s simple, and doesn’t get much into the technical details.
This settings are all standard, so they should appear regardless of your router model, although different brands may group some of them into different categories with different labels.
1: Change the default password
Routers come from the factory with username and password combinations such as “admin:admin” or “admin:password” or sometimes they don’t even have a password!
The first thing you should do is change that default password to a stronger one. If not, you can secure every other aspect of the network, but anybody would be able to modify all of that in a second.
2: Enable WPA2
When you use a WiFi network the information is sent through the air. If the data is not protected—which is what happens when you connect to an access point that doesn’t ask for a password—then anybody who is paying attention can take a look at all that information. Many people find it ok to leave their WiFi connection without a password, sometimes as a convenience to their users, but it is very unsafe.
To avoid having the information exposed to anybody, encryption is used. That makes the information seem like noise to the outside viewer, making no sense. There are a couple of protocols that you can choose to use in your router: WEP, WPA and WPA2.
You should make sure to select WPA2. This is a setting that probably isn’t selected as a default by your router due to compatibilty with older devices, but at this point all of your devices are probably compatible with it. WPA offers a weak protection and WEP even more so, so make sure that this is one of the first settings that you change.
3: Disable wireless (over-the-air) access to setup
There’s an option on most routers to disable access to their configuration menu through the wireless connection. If you have a machine plugged in directly to the router using a cable, and you can exclusively manage the configuration of your network using that machine, then you should consider disabling that option. Your router should be safe if you selected a good password, but this offers one more layer of protection.
4: Disable WPS
This is a setting on some routers that should allow a device to be connected to a network in an easier way. If your router supports it, you can probably see a button on it’s panel with a logo that looks similar to your browser’s refresh button, or a label with a PIN code.
This setting has security problems (being easily cracked by brute force) and, as far as I know, it’s not used by many people. So the best bet is to disable it.
5: Disable UPnP
This is one of those technological advances that should make things easier but ends up being a huge security problem, potentially exposing your internal network to the Internet.
You should try disabling UPnP and checking whether all of your devices still work (mostly devices such as network printers, or smart TVs). If they do, leave it off.
If some of them fails to work or works incorrectly, perhaps a google search might indicate a workaround to have that device work without UPnP. If and only if you find it super essential, then enable UPnP.