I want to buy a good quality printer, but I want it to be as safe as possible.
All the good printers I see have wireless capabilities unfortunately. I know the safest would be a printer with no networking capabilities.
If I buy a printer with wireless capability, but without setting the wifi up on it, is it safe, or is there still a decent attack surface?
If I do not set up the wifi, but use it with bluetooth, is it safe?
No, it is not safe at all, but you can make it relatively safe.
Many/most printers have default administrator usernames and passwords that must be changed. Do that as the 1st step.
Make sure you use the latest firmware for any printer (older ones may be vulnerable/exploitable).
Setup wireless printer connections to WPA2 encrypted authentication. Do not allow access to the wireless part otherwise. Basically, do every security measure you would do to a wireless router.
Configure a printer to purge its memory and/or disable the storage functionality or secure its storage.
Even if LAN is not supported, many printers still support connection via USB. Many have additionally a USB port to print from USB sticks directly. So if you see USB, read documentation to understand what exactly USB (or USBs) you have.
Via corresponding USB you can connect it directly to your laptop or PC. Then, you can disable WiFI or, if not deactivateable, just don't connect it to any WiFi network, or if already connected, delete such configuration.
"Is it safe" is so broad that an answer cannot be given. If you mean "is it absolutely impossible that anyone abuses it, the answer is "no".
However, if you take all the normal precautions (see @Overmind), the printer is quite safe.
It also depends on how secure your network is. If you allow anyone on your network (f.e. by advertising your SSID/code in your shop), you will find that the printer is very exposed, and the set-up is probably not safe. If you are in a rural area, with no-one else in your wifi range, then the set-up should be quite safe. You can also segment your network a bit (even with SOHO routers), making it more secure.
The next question is what your damage would be. Although it is possible to use a printer to gain access to your internal network and try to get data from there, that is rarely done, because other access methods are usually easier. Oh, they might also exhaust your ink and paper stock with, possibly with inappropriate content. Or read-out some of your content from a buffer.
If you don't use WiFi, that limits the attack surface. However, be sure that WiFi is disabled and not 'just not configured' (meaning having all the default values).
Bluetooth is actually less secure than WiFi. The advantage of bluetooth may be that it is a separate network and that its range is shorter than WiFi (most of the time), requiring closer presence.
So yes, if you are in a normal home environment, and you take normal precautions (WPA2, no default passwords, firmware up-to date etc), it should be safe enough.
