diff --git a/package/gluon-web-private-wifi/i18n/de.po b/package/gluon-web-private-wifi/i18n/de.po
index 09ba09c2e78a065e642539faf25e0ed08ba47547..b204d8942f60d9d7580981dad69b6c3d72af1647 100644
--- a/package/gluon-web-private-wifi/i18n/de.po
+++ b/package/gluon-web-private-wifi/i18n/de.po
@@ -13,18 +13,42 @@ msgstr ""
 msgid "8-63 characters"
 msgstr "8-63 Zeichen"
 
+msgid "Disabled"
+msgstr "Deaktiviert"
+
 msgid "Enabled"
 msgstr "Aktiviert"
 
+msgid "Encryption"
+msgstr "Verschlüsselung"
+
 msgid "Key"
 msgstr "Schlüssel"
 
+msgid "Management Frame Protection"
+msgstr ""
+
 msgid "Name (SSID)"
 msgstr "Name (SSID)"
 
+msgid "Optional"
+msgstr ""
+
 msgid "Private WLAN"
 msgstr "Privates WLAN"
 
+msgid "Required"
+msgstr "Aktiviert"
+
+msgid "WPA2"
+msgstr ""
+
+msgid "WPA2 / WPA3"
+msgstr ""
+
+msgid "WPA3"
+msgstr ""
+
 msgid ""
 "Your node can additionally extend your private network by bridging the WAN "
 "interface with a separate WLAN. This feature is completely independent of "
diff --git a/package/gluon-web-private-wifi/i18n/fr.po b/package/gluon-web-private-wifi/i18n/fr.po
index 2f6f80f15c0fc0f18a8a5bef40c2afb41fee729a..017794c3d5ebc58cfd7b811ccf05ef747d80d0b4 100644
--- a/package/gluon-web-private-wifi/i18n/fr.po
+++ b/package/gluon-web-private-wifi/i18n/fr.po
@@ -13,18 +13,42 @@ msgstr ""
 msgid "8-63 characters"
 msgstr "8-63 charactères"
 
+msgid "Disabled"
+msgstr ""
+
 msgid "Enabled"
 msgstr "Activé"
 
+msgid "Encryption"
+msgstr ""
+
 msgid "Key"
 msgstr "Clé"
 
+msgid "Management Frame Protection"
+msgstr ""
+
 msgid "Name (SSID)"
 msgstr "Nom (SSID)"
 
+msgid "Optional"
+msgstr ""
+
 msgid "Private WLAN"
 msgstr "Wi-Fi privé"
 
+msgid "Required"
+msgstr ""
+
+msgid "WPA2"
+msgstr ""
+
+msgid "WPA2 / WPA3"
+msgstr ""
+
+msgid "WPA3"
+msgstr ""
+
 msgid ""
 "Your node can additionally extend your private network by bridging the WAN "
 "interface with a separate WLAN. This feature is completely independent of "
diff --git a/package/gluon-web-private-wifi/i18n/gluon-web-private-wifi.pot b/package/gluon-web-private-wifi/i18n/gluon-web-private-wifi.pot
index 0919ddb3faf981c4643eb03af77f791ae661bf7d..057809106f662a6f887eea194faf7fad89938f48 100644
--- a/package/gluon-web-private-wifi/i18n/gluon-web-private-wifi.pot
+++ b/package/gluon-web-private-wifi/i18n/gluon-web-private-wifi.pot
@@ -4,18 +4,42 @@ msgstr "Content-Type: text/plain; charset=UTF-8"
 msgid "8-63 characters"
 msgstr ""
 
+msgid "Disabled"
+msgstr ""
+
 msgid "Enabled"
 msgstr ""
 
+msgid "Encryption"
+msgstr ""
+
 msgid "Key"
 msgstr ""
 
+msgid "Management Frame Protection"
+msgstr ""
+
 msgid "Name (SSID)"
 msgstr ""
 
+msgid "Optional"
+msgstr ""
+
 msgid "Private WLAN"
 msgstr ""
 
+msgid "Required"
+msgstr ""
+
+msgid "WPA2"
+msgstr ""
+
+msgid "WPA2 / WPA3"
+msgstr ""
+
+msgid "WPA3"
+msgstr ""
+
 msgid ""
 "Your node can additionally extend your private network by bridging the WAN "
 "interface with a separate WLAN. This feature is completely independent of "
diff --git a/package/gluon-web-private-wifi/luasrc/lib/gluon/config-mode/model/admin/privatewifi.lua b/package/gluon-web-private-wifi/luasrc/lib/gluon/config-mode/model/admin/privatewifi.lua
index 9f25bd12bb8887987f113db98eddd1ff8a2895f9..30ba4df31eeba92391c2340dc38249610324c6bd 100644
--- a/package/gluon-web-private-wifi/luasrc/lib/gluon/config-mode/model/admin/privatewifi.lua
+++ b/package/gluon-web-private-wifi/luasrc/lib/gluon/config-mode/model/admin/privatewifi.lua
@@ -1,5 +1,6 @@
 local uci = require("simple-uci").cursor()
 local util = require 'gluon.util'
+local platform = require 'gluon.platform'
 
 -- where to read the configuration from
 local primary_iface = 'wan_radio0'
@@ -26,6 +27,25 @@ key:depends(enabled, true)
 key.datatype = "wpakey"
 key.default = uci:get('wireless', primary_iface, "key")
 
+local encryption = s:option(ListValue, "encryption", translate("Encryption"))
+encryption:depends(enabled, true)
+encryption:value("psk2", translate("WPA2"))
+if platform.device_supports_wpa3() then
+	encryption:value("psk3-mixed", translate("WPA2 / WPA3"))
+	encryption:value("psk3", translate("WPA3"))
+end
+encryption.default = uci:get('wireless', primary_iface, 'encryption') or "psk2"
+
+local mfp = s:option(ListValue, "mfp", translate("Management Frame Protection"))
+mfp:depends(enabled, true)
+mfp:value("0", translate("Disabled"))
+if platform.device_supports_mfp(uci) then
+	mfp:value("1", translate("Optional"))
+	mfp:value("2", translate("Required"))
+end
+mfp.default = uci:get('wireless', primary_iface, 'ieee80211w') or "0"
+
+
 function f:write()
 	util.foreach_radio(uci, function(radio, index)
 		local radio_name = radio['.name']
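Review bot: The new `encryption` and `mfp` selectors are independent, so the form accepts `psk3` together with Management Frame Protection `0`, and the `mfp.default` fallback of `"0"` preselects exactly that when no `ieee80211w` value is stored. WPA3-Personal requires protected management frames, and WPA2/WPA3 transition mode needs them to be at least optional. An explicit `0` written by `f:write` (next hunk) therefore gives either an AP that is not WPA3-conformant or one that hostapd declines to start; which of the two happens is not visible from here. I would derive the stored value from the encryption choice in `f:write`: `local w = mfp.data`, then `if encryption.data == 'psk3' then w = '2' elseif encryption.data == 'psk3-mixed' and w == '0' then w = '1' end`, and pass `w` to `uci:set`. `f:write` opens at the end of this hunk and its body continues outside it.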
@@ -34,16 +54,23 @@ function f:write()
 		if enabled.data then
 			local macaddr = util.get_wlan_mac(uci, radio, index, 4)
 
-			uci:section('wireless', "wifi-iface", name, {
+			uci:section('wireless', 'wifi-iface', name, {
 				device     = radio_name,
-				network    = "wan",
+				network    = 'wan',
 				mode       = 'ap',
-				encryption = 'psk2',
+				encryption = encryption.data,
 				ssid       = ssid.data,
 				key        = key.data,
 				macaddr    = macaddr,
 				disabled   = false,
 			})
+
+			-- hostapd-mini won't start in case 802.11w is configured
+			if platform.device_supports_mfp(uci) then
+				uci:set('wireless', name, 'ieee80211w', mfp.data)
+			else
+				uci:delete('wireless', name, 'ieee80211w')
+			end
 		else
 			uci:set('wireless', name, "disabled", true)
 		end
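Review bot: `encryption = encryption.data` replaces the hard-coded `'psk2'` with a form value and has no fallback. If the field ever arrives empty, a newly created section gets no `encryption` option, which OpenWrt treats as an open network. Whether the form layer always supplies a value for a `ListValue` is not visible in this hunk, so failing closed costs one expression: `encryption = encryption.data or 'psk2',`. The comment above the `ieee80211w` branch would also read better if it stated the intent of the `else` arm, e.g. `-- hostapd-mini refuses to start with ieee80211w set; drop any stale value on devices without MFP support`. The `foreach_radio` callback and `f:write` both begin before this hunk and close after it.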