I'm writing a series of articles in my blog on how to secure XAMPP. It is turning out to be a big project, so I'm publishing pieces of it at a time as I write them.
My most recent article is about removing folders and pages that you don't need. See it here:
My first article is about how the "forbidden" folder works: