Red Squirrel
No Lifer
Make sure you have a good password on the router as well.
The admin interface should not be facing the internet, if it is, then turn that off!
Anything administrative that is facing the internet needs to have some form of brute force protection or it's not a matter of if but a matter of when, someone gets in. Idealy there should be only one entry point.
Best bet for remote access is VPN, and some form of port triggering. (you don't want that port wide open... remember heartbleed?) I still need to look into the best way of doing that for myself though. For now I just have the port open for my work IP.