How to Add a Business to CitySearch

I’m in the process of doing some link-building for my business, and I noticed that some of my local competitors are listed in city and business listings that I’m not.  One is called CitySearch.

I debated whether or not it was worth the effort to get listed in this type of local business directory. In the end I decided I should. First off, my competition is there and I’m not.  Second, there is some SEO benefit to being listed in business and location-specific directories, since they often manage to rank higher for key search terms than the businesses in the listings they provide. So if folks search for “computer repair in mifflinburg” and get local business directories first, I probably want to be there.

CitySearch doesn’t have an Add Your Business button. So How, pray tell, do you get into their business listings?

How to Add a Business to CitySearch

According to CitySearch’s FAQ (now hidden away at the bottom of their About Us page),

Citysearch partners with InfoUSA for local business data. They offer an Express Update service that allows merchants to update their listing data as well as add new businesses. Once you’ve added your business please allow 1 – 2 months for the information to be on Citysearch. Find out more at: http://www.expressupdateusa.com. CitySearch FAQ

Once you discover this little nugget of truth, getting listed is actually pretty easy.  Follow the instructions below.

  1. Go to ExpressUpdate and create an account. If you’re like me and totally distrust services like this you’ll be wise to use a junk email account to register. Don’t worry: you can associate a different email address with the actual business listing.
  2. After you’ve registered go back to the home page and search for your business. If it finds it, great! Claim your business and make any changes it requires to keep it current. If not, follow along.
  3. If the search didn’t find your business, you’ll see a link to Add it Now. Click that link and you’ll be provided with a form to add all of you business information. Once that’s completed, you’ll have to verify via phone that you have permission to manage the directory listing for this business.
  4. After phone verification your listing will go into a verification state. Mine took a few hours, but eventually it was ready for me to claim.
  5. Go back to ExpressUpdate, login, and on your dashboard you’ll see a table of business listings you manage. Go ahead and click Claim. It will give you a phone number to call to complete the process.
.htaccess rewrite rules that impacted the search feature on my WordPress site.

IThemes Security Plugin and Dangerous Search Queries

I’m a huge fan of iThemes Security (formerly Better WP Security).  I’m such a fan, in fact, that I use it on many of my own sites as well as the WordPress sites that I manage for my current employer.  But anyone that’s used iThemes Security knows that sometimes it’s does a little too good a job and you eventually run into false positives and unintended consequences.

Today I ran into such a situation.  I manage 4 separate WordPress sites for distributor of industrial plumbing and HVAC components.  A client who was looking for a very specific part let them know that their site was crashing when he entered it into the search bar.

That part they needed was an insert.

What do we know about the word “insert” that might explain why only that search term was causing a problem?

We know that WordPress uses a MySQL database, and we know that an insert is a type of SQL query that writes to the database.

Could it be that iThemes is being helpful, and blocking requests to the site that look like they might be trying to write to our database?

The fact that I was seeing an Apache generated error page and WordPress wasn’t even trying to handle the request suggested that the problem happened before the request was ever passed off to the CMS. So I opened the .htaccess file for one of their sites, searched for the word insert, and found the offending lines.

Update: I’ve moved the code over to GitHub.

Basically these rules cause Apache to drop requests with suspicious data in the query string. If you look closely, one of those rules includes words like request, contact, union, declare, and insert. Deleting the offending line from the .htaccess solved the problem.  I like the added protection these rules provide, so I only recommend removing them if they cause a problem.  These rules try to prevent hackers from sending malicious code to your website in the first place, so if some code in your WordPress install forgets to sanitize user data, you’re still somewhat protected.

I had to remove this rule because insert is actually the name of a product the client was selling through their site and blocking this search term could affect sales.  Before you remove these rules, weigh the pros and cons of your own situation.

On the Recent WordPress Security Updates

In the last two months we’ve seen a number of WordPress security updates.  April 21 brought us WordPress 4.1.2 which fixed 4 security issues. A wide-spread vulnerability in numerous WordPress plugins was simultaneously announced and was followed by a rash of plug-in updates by vendors including Yoast. A week later WordPress 4.2.1  was released with a patch to a cross-site scripting vulnerability found in the comments feature. Then just a few days ago WordPress 4.2.2 patched a vulnerability in the bundled Genericons font package.  The WordPress naysayers have been saying nay for weeks now. Is their negativity justified?
The WordProcalypse ended not with a bang, but with a “meh.” WordPress updates itself automatically now. And if you’re in the practice of only installing reputable plug-ins and themes, updating your plug-ins is pretty painless.
Consider this: all of the vulnerabilities fixed by these updates were detected either by the core WordPress team or community members who develop extensions.  None of them were the results of a zero-day exploit.
I think the recent rash of WordPress Core and plug-in security updates is a Good Thing.  It’s proof-in-the-pudding that the WordPress community has matured. It’s a sign that everyone involved in WordPress’s success from parent company Automaticc to lone plug-in authors are taking it seriously.