Is there any guide to secure a openfire installation? Any thing like letting only the essentials/minimalist services/ports running.
There is no such guide per se (at least official one). For ports you can just open 5222 for clients and 9091 for remote administration (TLS one). Do not open 9090 (plain text administration port). Make encrypted connection as Required in SSL settings for clients (and servers if using server-to-server connections). That’s about it.