There are several protections for wifi, they are WEP, WPA and WP2. WEP can be cracked easily. WPA and WP2 are also not safe recently no matter you are using AES or TKIP encryptions for your PSK. However, at least one client is connecting to the wifi router and your WPA/WPA2 key is in the dictionary (password list) of the cracker so as the cracker can crack WPA/WPA2-PSK.
Recommendation
(1) at least use WPA2-Personal with AES encryption for the key (most likely for home users) or use Captive Portal if any;
(2) keep your WPA/WPA2 key as long (the longest is 63 characters) and complicated as possible, it should includes capital and small letters, symbols and numbers (however, some devices may not recognize such length of the key);
(3) enable MAC address filter (if possible; but not quiet useful for higher security);
(4) do not use factory's WPS feature (or similar, e.g. QSS) as it is quiet danger for users but convenience for crackers;
(5) change your WPA/WPA2 key often; and
(6) use WPA2-Enterprise if possible (it is the highest security so far).
Be keep in mind that this settings may not be worked tomorrow. The world is changing very fast.
By the way, hidden BSSID and MAC address filter are useless as crackers can obtain such information very easy.
That's all! See you.