I would not recommend changing router IP address as it is pretty useless and is leaked using DHCP, so you gain no security benefit. However I would like to recommend implementing separate VLAN that has an access to admin UI and SSH or the router. OpenWRT allows you to dedicate physical Ethernet port to such VLAN so unless attacker gains physical access to the router, router's attack surface is pretty small.  

 Thanks for your advice ;)