Call me stupid but I'm guessing the issue here is brute forcing the password?
Why not update the firmware to do a few things?
1. Force password change before connecting back to the internet.
2. Add the old 3 failed attempts, 5 min lock out, 4, 10 min lockout and so on.
3. Disable external access to the router by default.