1. Set Administrator username and password
Freshly-reset DD-WRT will prompt you to set the Administrator username password. Use a username like "wnr2kadmin" or something else that's not "root" or "admin".
2.Temporarily disable wireless.
Wireless - Basic Settings
Wireless Network Mode: Disabled
3. Basic settings
Setup - Basic Setup
WAN Setup - Optional Settings
Router Name: [same as SSID]
Network Setup
DHCP Static DNS: 208.67.222.222 208.67.220.220 (OpenDNS)
Time Settings
Time Zone: America/Phoenix [or your time zone]
Server IP/Name: north-america.pool.ntp.org
Configure MAC addresses
MAC Address Clone
Enable
Leave the OUIs alone and re-configure the address part.
If you don't know what this means, no worries. Using the factory MAC address will work just fine.
Configure wireless security.
Wireless - Wireless Security
Security Mode WPA2 Personal
WPA Algorithms: AES
WPA Shared Key: Passphrase with more than twenty characters.
Configure and re-enable wireless
Wireless - Basic Settings
Wireless Network Mode: NG-Mixed (*)
Wireless Network Name (SSID): wireless (**)
Now your wireless is secured and re-enabled.
(*) NG-Mixed is optimal because it turns off 802.11b, which is recommended. If you have an old 802.11b devices use Mixed or, better yet, de-commission the old device.
Reference: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=876186
(**) If you use a generic SSID ("wireless", "NETGEAR", "default", etc.) it will give you some privacy advantages. If you don't mind broadcasting your unique ID from your wireless devices (phone, laptop, tablet) then use a unique SSID like netgear-nnnn where "nnnn" is the last four characters of your router's serial number.
Reference: https://wigle.net/gps/gps/main/ssidstats
Scheduled reboot
For rock-solid reliability, set your router to reboot itself once a week.
Administration - Keep Alive - Schedule Reboot
Check Enable
Set the day and time (e.g. 3:45 Sunday)
That's it. Now you have a capable and reliable little router for secure and reliable Wi-Fi.