So, how well do MAC address restricted WiFi routers do on security?
MAC addresses can very easily be spoofed. It is not a preferred method to proper hardening, but then when it comes to wireless, nothing is.
Your best level of security is to not have wireless at all. If that’s not an option, using RADIUS for authentication and preferably using 2FA (2-factor authentication) where the machine has to have a certificate AND a password is required is the best security for a wireless network. Since that’s incredibly complex for a home user, just changing the router password, changing the IP address (preferably to a class A or B), turning off WPS (it’s a shortcut, of course it’s susceptible), and using WPA2 with AES encryption is your best bet.
Again, nothing is foolproof, but this will stop over 95% of attack attempts. If someone really wants to get into a home user’s network, even my own, they could do it. It’s a level-of-effort thing.