In addition to 2xg's advice users should use Wireless MAC address filtering also to restrict what devices can connect to the router.
Remove any checkmarks for responding to WAN pings especially with UPNP in mind it can allow an attacker to map your internal network.
If you have the benefit of a radius server on your network, enhance your encryption level to WPA2 Enterprise
and use it to authenticate users before connecting to the network either using username or password or digital certificates. Digital certificates can be used to authenticate routers as well so no rogues get onto the network although these functions are usally found on UTM's such as sonicwall, cisco and Fortinet hardware security devices not home routers.
These UTM's also provide anti-virus, spyware, IPS and DNS binding, Mac address spoofing, Arp poisoning protection.
UPNP is not supported at all by default.
Netbios requests should not be allowed from the internet either this is another way to open up your network to be mapped and used for an attack.
Reverse DNS should not be allowed as this is used to retrieve machine names.
Another advantage of the UTM is they have highly configurable firewalls and NAT so restricting services is easy you only allow the neccessry services thru the firewall and discard or deny everything else.
You can drill down the rules to suit.
Now home routers do not have the advanced features of the UTM's so restricting certain services will be difficult that come in from the internet unless you are proficient in using the cmd line of the router but can be a minefield.
Wi-fi is just one component.
Shields up is a good site for testing what services and ports are listening on the router and computers.
Hope this helps.
Never disable or turn off any security features on the router especially the firewall as this will reduce your security significantly.