diff --git a/README.md b/README.md
index 64289e5e601..9e8c8613f33 100644
--- a/README.md
+++ b/README.md
@@ -68,6 +68,29 @@ git add -A && git commit
 [More Information](http://openmage.github.io/magento-lts/install.html)
+## Secure your installation
+
+Don't use common paths like /admin for OpenMage Backend URL. Don't use the path in _robots.txt_ and keep it secret. You can change it from Backend (System / Configuration / Admin / Admin Base Url) or by editing _app/etc/local.xml_:
+
+```xml
+
+
+
+
+
+
+
+
+
+
+```
+
+Don't use common file names like api.php for OpenMage API URLs to prevent attacks. Don't use the new file name in _robots.txt_ and keep it secret with your partners. After renaming the file you must update the webserver configuration as follows:
+
+* Apache .htaccess: `RewriteRule ^api/rest api.php?type=rest [QSA,L]`
+* Nginx: `rewrite ^/api/(\w+).*$ /api.php?type=$1 last;`
+
 ## Changes
 Most important changes will be listed here, all other changes since `19.4.0` can be found in
diff --git a/app/code/core/Mage/Api/Helper/Data.php b/app/code/core/Mage/Api/Helper/Data.php
index 1cd45da5565..057c74973e9 100644
--- a/app/code/core/Mage/Api/Helper/Data.php
+++ b/app/code/core/Mage/Api/Helper/Data.php
@@ -380,7 +380,7 @@ public function getServiceUrl($routePath = null, $routeParams = null, $htmlSpeci
         $uri = Zend_Uri_Http::fromString($url);
         $uri->setHost($request->getHttpHost());
         if (!$urlModel->getRouteFrontName()) {
-            $uri->setPath('/' . trim($request->getBasePath() . '/api.php', '/'));
+            $uri->setPath('/' . trim($request->getBasePath() . '/' . basename(getenv('SCRIPT_FILENAME')), '/'));
         } else {
             $uri->setPath($request->getBaseUrl() . $request->getPathInfo());
         }
diff --git a/app/code/core/Mage/Api2/Model/Route/ApiType.php b/app/code/core/Mage/Api2/Model/Route/ApiType.php
index 194cce60208..2e595206494 100644
--- a/app/code/core/Mage/Api2/Model/Route/ApiType.php
+++ b/app/code/core/Mage/Api2/Model/Route/ApiType.php
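Review bot: The added `setPath` line replaces the hard-coded `api.php` with `basename(getenv('SCRIPT_FILENAME'))`, and `getenv` returns `false` under any SAPI that does not export the CGI variables as environment (the CLI for one), so `basename(false)` gives `''` and the advertised service URL silently collapses to the base path. `$request` is already in scope on these lines, so reading the server variable through it and keeping the old name as the fallback preserves the previous behaviour when nothing is set: `$script = basename((string) $request->getServer('SCRIPT_FILENAME', getenv('SCRIPT_FILENAME')));` followed by `$uri->setPath('/' . trim($request->getBasePath() . '/' . ($script !== '' ? $script : 'api.php'), '/'));` (assuming the request object accepts a default, as the Zend base class does). The URL now names whichever script is executing rather than the API front controller, which is only equivalent while this helper runs inside the (renamed) api.php itself; a `// assumes this runs from the API front controller, so SCRIPT_FILENAME is api.php or its renamed copy` comment would make that dependency visible to the next reader. As far as the hunk shows, the value comes from the web server's resolution of the executed file, not from the client request, so this is not a URL-injection vector, but the same expression is duplicated in Mage_Api2_Model_Route_ApiType in this commit and would be better derived once. getServiceUrl starts before and continues past the hunk.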
@@ -35,6 +35,7 @@ class Mage_Api2_Model_Route_ApiType extends Mage_Api2_Model_Route_Abstract imple
 {
     /**
      * API url template with API type variable
+     * @deprecated
      */
     const API_ROUTE = 'api/:api_type';
 
@@ -56,6 +57,6 @@ public function __construct(
         Zend_Translate $translator = null,
         $locale = null
     ) {
-        parent::__construct(array(Mage_Api2_Model_Route_Abstract::PARAM_ROUTE => self::API_ROUTE));
+        parent::__construct(array(Mage_Api2_Model_Route_Abstract::PARAM_ROUTE => str_replace('.php', '', basename(getenv('SCRIPT_FILENAME'))) . '/:api_type'));
     }
 }
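Review bot: `str_replace('.php', '', ...)` on the added `parent::__construct` line removes every occurrence of `.php` in the script name rather than a trailing extension, and when `getenv('SCRIPT_FILENAME')` is unavailable (CLI, or a SAPI that does not export it) the prefix is empty and the route degrades to `/:api_type`, which would then treat the first segment of any request path as the API type instead of requiring the `api/` prefix the old constant enforced. `pathinfo` strips only the final extension and the deprecated constant is a natural fallback: `$script = pathinfo((string) getenv('SCRIPT_FILENAME'), PATHINFO_FILENAME);` then `parent::__construct(array(Mage_Api2_Model_Route_Abstract::PARAM_ROUTE => $script !== '' ? $script . '/:api_type' : self::API_ROUTE));`. Because the matched prefix now follows the script's base name, the README rewrite examples in this commit (`^api/rest` to `api.php`) only hold while the file keeps its default name; after a rename the rewrite prefix must become the new base name, which neither the README nor a comment here states, so a `// route prefix must equal the API front controller's base name; the webserver rewrite has to use the same prefix` comment would help. The `@deprecated` tag on API_ROUTE should name what replaces it (the constructor-derived route), since the constant is still the only documented form. The constructor begins before the hunk.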