There's no one way to prevent unauthorized connections but, instead, a series of ways. It's kinda like an obstacle course...a tough obstacle course...designed to persuade an intruder just to move on to an easier target.
Your toughest obstacle would be a strong encryption key ("password"). Change the default admin username, password and SSID. If you don't broadcast your SSID, nobody can see it. If you disable wireless management, nobody can remote admin. Only allow devices by MAC address. If you only have 4 devices, limit the number of assignable IP addresses to 4. If the specific manufacturer of your router has proprietary obstacles, implement 'em.
No one step can stop an intruder because each...on its own...could be defeated; however, multiple tough steps will help.
i used to hide the ssid but in recent years, hiding ssid made the connection unusable for some devices, both fixed + portable. i haven't even tried it on pano unit for fear my wife's phone won't connect to wi-fi.