Apple has a useful page on how to set up your routers securely. They don’t currently have a router product so this isn’t about how to configure an Apple product. The advice applies to any router. The page is advertised as a way to configure the “settings for Wi-Fi routers, base stations, or access points used with Apple products” but the advice is good regardless of what devices you’re using.
The TL;DR is
- Use WPA3 Personal for the routers security setting
- Set the SSID to a unique name
- Disable the hidden network setting
- Disable MAC filtering
- Enable automatic firmware updates
- Configure Radio Mode to All or Wi-Fi 2 through Wi-Fi 6
- Enable all bands supported by the router
- Set Channel selection to Auto
- Set channel width to 20 MHz for the 2.4GHz band and Auto for the 5GHx band
- Enable DHCP unless some other devices on the network is providing this service
- Set the DHCP lease time to 8 hours for home & office networks
- Enable NAT unless some other device is providing the NAT service
- Enable WMM
The above is just a précis of the advice on the page. Read the article for the details on the advice and what the various settings mean. Again, even though this is an Apple page, the advice is applicable even if there are no Apple products on your network. There is a bit of advice and corresponding settings for a Mac, iPhone, or iPad but that’s in a separate section and can be ignored if you don’t have one of those devices.
Update
: Added link to Apple article.