1. for sure, reset the system
/system reset-configuration
2.1. wifi – disable interface
/interface wireless disable wlan1
2.2. set wifi security policy
/interface wireless security-profiles set * mode=dynamic-keys authentication-types=wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa-pre-shared-key="P@ssw0rd1234!" wpa2-pre-shared-key="P@ssw0rd1234!" supplicant-identity="wifi-krai" eap-methods=passthrough tls-mode=no-certificates tls-certificate=none mschapv2-username="" mschapv2-password="" static-algo-0=none static-key-0="" static-algo-1=none static-key-1="" static-algo-2=none static-key-2="" static-algo-3=none static-key-3="" static-transmit-key=key-0 static-sta-private-algo=none static-sta-private-key="" radius-mac-authentication=no radius-mac-accounting=no radius-eap-accounting=no interim-update=0s radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username radius-mac-caching=disabled group-key-update=5m management-protection=disabled management-protection-key=""
2.3. configure and enable wifi
/interface wireless set 0 ssid=wifi-krai wps-mode=disabled band=2ghz-g/n /interface wireless enable wlan1
3. set default user name and password
/user set 0 name=root /user set 0 password="P@ssw0rd1234!"
4. disable unnecessary services
/ip service disable telnet /ip service disable ftp /ip service disable www /ip service disable api /ip service disable api-ssl /ip service disable winbox /ip service disable www-ssl
5. secure the ssh service
/ip service set ssh port=2222 /ip ssh set strong-crypto=yes
6. name the interfaces
/interface set 0 name=WAN1 /interface set 0 name=LAN2 /interface set 1 name=LAN3
7. set the DNS servers eg. from OpenNIC
/ip dhcp-client set 0 use-peer-dns=no use-peer-ntp=no /ip dns set servers=51.254.25.115,193.183.98.66,51.255.48.78
8. set router name
/system identity set name=router.krai.local