Would a good router password minimise the chance of it getting infected?
A good password can sometimes be all that's required. Everything else discussed above reduces and in some cases eliminates threat surface.
Remember, there are few methods to magically compromise a router from remote unless the login credentials are known or easily guessed or you practiced bad IT. Your gateway IP is leaked everywhere. In your postings, gaming, chat clients, email clients, websites you visit. So your GW is entirely known. An attacker generally can't magically compromise your gateway unless you leave it open by leaving the router default or have a simplistic username/password combination. There millions of automated hacking systems scanning the internet for default/open routers (SHODAN, etc), commercial or otherwise. I can show you logs of an attack on a visible router that show 10,000 brute force attempts from remote per day. In that particular case the sloppy IT left SSH open and on Port22. So the remote hackers discovered it and added the GW IP to their auto-hack systems. Endless 'Root' and 'Admin' username/password combinations attempted.
Some additional ways to secure a home router are to eliminate WAN access to admin. Just do it locally on a local machine or VPN to the local network and access the router through there. Many compliancy and pentest doesn't permit access to admin through WAN. In my case, I allow admin access through WAN but only timed from 9AM-5PM when I am at work and even then HTTP redirect is disabled and there is a custom port with a 30 character password. Any other time admin access is completely disabled through anything but a single local IP. Some consumer routers have the ability to limit admin access to a specific IP address (ASUS, not sure about others). That's a good way to eliminate a huge number of threats.
Let's break it down like this;
Reckless - Default.
Acceptable - Unique, long password on router.
Better - Unique username, long password on router.
Excellent - No HTTP redirect, Unique Admin Port, Unique username/password.
Superb - No WAN access for admin (HTTP, HTTPS, SSH, etc all disabled on any WAN IP), unique username/password, unique port for admin on LAN.
Astounding - No WAN access for admin, Unique username/password, restricted admin access to a single IP on LAN, unique port for admin on LAN.
Take your pick.
One last thing.. Most of you are probably on modems set to DHCP with no statics. If you have a static it's much easier for someone to lock on to you. Since you are probably DHCP if you unplug your cable from your modem, turn off the modem and wait a bit, then plug everything back in you'll grab a totally new IP address in most cases. Most cable firms have a very very low lease time on IP addresses. Once your IP flips, sometimes to a different scope, you've dropped off the radar again. At least temporarily. A good hacker can find you again but it can take 2-8 days, then you can just flip it again. I cycle my GW IP every Sunday as a simple, easy threat reduction method.
