WPS button (as a physical button) is equally insecure in my view (ok, I admit, less insecure since you need to have physical access to the AP to press it).
The end-result is however the same. Someone able to press that button can gain access to the wireless network without a problem.
But it is a fact (virtual) WPS button is not possible using CAPSMAN, right ?
Its been more than a decade but I remember reading an article... probably by Ruckus... about howyou can trick a WPS network into accepting a client without hitting the button.
It was pretty long and involved...
And Ruckus didn't support WPS. So, anytime I see a wireless only printer. I would make an unencrypted network. Connect the printer to that. Then log into the printer's GUI and set up the connection for an encrypted network. Select connect. Delete the unencrypted network.
But Also, I always take the attitude.
"If it has wired power and doesn't move, hardwire it."