Using netgear routers from before the ISPs started supplying routers to account holders, I’ve always kept our network hidden and set up a closed access list for our various devices. Not because I understood any of it, I just forced myself to plow through the Netgear manual when we got our first router and they made it sound like a good idea. At the time passwords were not even the default setting and we could log on to half the neighbors’ networks quite easily. (sigh)
Recently, though, my iphone’s been nagging me to allow SSID broadcasting, and when I did, my iPad quit connecting all together unless I also disabled my access list.
Hiding your network doesn’t provide you with much, if any security, and never has. Any professional hacker has the knowledge of how to locate your hidden network and the fact that it is hidden actually makes it appear to be of greater interest to them than it probably is.
Setting up a closed access list should certainly work to keep any new MAC address devices from connecting, although Apple has recently done some things to OSs that prevent MAC address determination, so that may be responsible for the new behaviors you are seeing.
You may have to accept router and computer firewalls along with a strong network password as being all you have left, for now.
If you do want to keep your access list, on the iPad, settings, WiFi. Tap the info control at the right hand side of your router listing (the circle “i”), and turn off private WiFi address. While the private address should stay the same for your router (but different for other routers you connect to), it’s possible that it will change, so that will make it the hardware MAC address and remain always the same.
I agree with @alvarnell. A hidden SSID only prevents casual viewers from seeing it, but anyone who is trying to hack in can easily discover your network through means other than SSID broadcasts.
To secure your network, make sure your router has the latest security protocols (WPA2 or WPA3 using AES encryption), disable older insecure protocols (WEP, TKIP encryption) and make sure you have a secure password (you probably already know the rules for that).
If you want to restrict access only to known MAC addresses, you can do that, but I don’t think it’s worth the aggravation of needing to update the list every time someone wants to connect a new device.
If your router doesn’t support at least WPA2/AES, then I strongly recommend getting a new router. In addition to better security, you’ll also get the latest Wi-Fi protocols and probably software that allows more simultaneous connections.
If your router is separate from your (cable, DSL, whatever) modem, then swapping it is easy. If it’s integrated, then consult your ISP to make sure your replacement is compatible or consider getting separate devices for your router and modem (making sure that the modem is compatible).