Consumer routers are notoriously unsecure. Some models should be avoided regardless, but there are steps that you can take to make your home network better protected against being compromised.
Routers to Avoid
While it is an impossible to task to list all of the routers to avoid, it is possible to provide some general advice that should help. The big electronic retail chains in your area stock many routers that are not worth your money. Do your research, and then, choose. You can buy local, but do not assume that because the Best Buy down the street carries it that it is a good router. It probably is not. Also, do not use the router provided to you by your Internet service provider. The sheer volume of those routers in use makes them a prime target for hackers.
Home Network Administration Protocol
HNAP is a management tool that has a number of serious vulnerabilities. The good news is that most routers have stopped using it. But if you have an older Linksys, which is a very popular brand, then you may have the problem. You can test this by using a web browser and appending /HNAP1/ to the IP address you use to connect to your router. If you get a response, that router has to go.
Wi-Fi Protect Setup
WPS is a tool supported by many routers that makes it easier to connect the wireless internet enabled devices in your home. It is also a potentially huge security risk. If someone working in your home were to take a picture of the label on the bottom of your router, they could then have unfettered access to your network. Disable WPS. Connecting your devices through the standard methods is not that hard.
Avoid Router-Modem Combinations
Many ISPs give out a single unit that is both a modem and a router. Not only is this an ISP-provided router that you should not use, it is inherently less secure than a standalone router. Use your own router, which will require you to put the combination router into bridge mode. This is usually quite simple, but in some cases, you will need to call your ISP to turn the bridge feature on.
Invest in a Low-End Commercial-Grade Router
Consumer-grade routers are as cheap as $20, but you get what you pay for. A low-end commercial-grade router will cost you about $200. But that price is well worth it. The equipment will last. It will be secure, and it will have a team working on it on an ongoing basis to keep it secure.
Upgrade Your Firmware
Updated firmware is how your router brand keeps your router model secure. Check for new firmware each month and update right away if it is available. You should also check for updates whenever there are news stories of serious router vulnerabilities affecting the industry at large.
Optimize Your Router
Change the administrative credentials. Never use the default credentials or those provided to you by an installer. Change the network name or SSID to something unique. Enable automatic firmware updates if you have that option. Enable WPA2 and, if applicable, WPA3 wireless encryption. Enable a guest Wi-Fi network that you can offer to visitors. Disable cloud-based router management.
Disable remote administrative access and administrative access over Wi-Fi. Ensure that both the 2.4 GHz and 5 GHz band are enabled and that any device that can use 5 GHz does. Alter the settings for the administrative web interface to an IP address that is unique to you. Disable PING, Telnet, SSH and UPnP. Update the Domain Name System to one provided by OpenDNS, Google Public DNS or Cloudflare. Whenever possible, use a VPN and surf using incognito/private mode.