By changing the username and password, you are preventing them from accessing your router. Even if the person is already in the system, they will not see any changes until after they refresh the page. Once they refresh those changes will then lock them out.
The only way around a lockout is by using back-doors into the system. And by use of back-doors there is nothing to prevent that short of a new firmware version that doesn't allow backdoors.
Your wireless security is independent of router login. However if the person has access to your router settings they can easily see your wireless security settings. Under this scenario changing your router login may not prevent them from accessing your wireless. It would be best to change your wireless security as well.