Set a strong username and password, and disable all web access (SSH and HTTP/HTTPS). Make sure you have the latest firmware. If you suspect there is any chance you may have been infected (i.e. you had web access enabled), hard factory reset the router (hold WPS button while booting on most models, but you can look up the process for your model) and configure by hand, not from a backup. This is about all you can do, it may not be 100% guarantee but is good practice regardless.
In fact it would be best to factory reset, configure just enough to get in, upgrade firmware, factory reset again, and then configure everything by hand.
The hard factory reset formats the jffs partition. where holding the reset button does not, so you want to do the hard version as JFFS is where malware gets stored. If you are running merlin, you can be extra sure by doing all of the above but be fore reconfiguring after the second reset, check off "format jffs at next boot" and reboot. Then reconfigure. So you're formatting JFFS twice just to be extra sure.
If you don't have reason to believe you've been exposed to anything you can just make sure all WAN access is disabled and you have a strong password.