Thee interfaces each get unique security level:
Inside 100
Wi-fi 50
Outside 0
By default Inside can communicate to any lower security level i.e., wi-fi and outside.To prevent this, create and apply to acl to inside interface:
access-list inside_access_in extended deny ip any4 <wi-fi network>
access-list inside_access_in extended permit ip any4 any4
access-group inside_access_in in interface inside