He will be able to look around your network, unless you can set him up as a guest on your wifi.
My router will allow me to set guest accounts, it then gives them just the net, and not my internal network.
Guest access is good, some up-market routers have a DMZ with completely separate IP network etc.
This works great for "normal" people, as it's a bit arcane to nose around beyond this.
BUT
WiFi is really not very secure in the first place.
Equipped with a laptop and the right software, a skilled hacker can get into almost any WiFi net these days, without violating any physical personal space.
It's not too difficult to latch onto the WiFi network, and once in, it's much easier to packet-sniff and wireshark around until you can attack individual computers and devices.
Especially the light-bulbs and thermostats are nasty, as recent news items have given evidence about.
Many have been hi-jacked and been used in botnets.
Which is not that bad, compared to much worse with key-loggers installed on computers and pads, and stealing log-in details, ransom-ware etc.
With a wired network, you need physical access to your house - which is a lot more difficult than driving by and picking up WiFi networks.
So it's really a matter of deciding to live with the risk, or to structure the network to have several perimeters (e.g. computers to do banking on living only wired connections not shared with WiFi). The latter is a bit more cumbersome and probably not for your average consumer.
I've tried a compromise - my network has an "inner courtyard" with the important computers in it, and an outer courtyard with the consumer devices + WiFi), and thirdly a guest zone for guest WiFi access (they normally just want internet).
This is implemented using the WiFi in the broadband router for guest access to internet, a dedicated firewall/router to separate outer courtyard and guest zone, and having a separate access point for the outer courtyard. The inner courtyard is behind another router, providing classical two-tier firewall configurations.
But of course this will by many be considered overkill.
Most consumers don't even reckognise the danger, though, so the idea of multiple boxes and Cat5/6 cabling turns many people off.
(apologies for the rant, i just got started and then it's sometimes hard to stop...
)