cookandkaye

scientific and technical website design projects news

WordPress templates

Customisable templates for WordPress have been available from third parties for some years now; these allow anyone (with the time) to create truly unique websites that are (with a bit of design flair) attractive and engaging. This facility is now available to everyone using WordPress – it shipped free with the latest WordPress template ‘twentytwentytwo’!

This development was immediately of interest to us, as we had a client looking to build a low-cost site that nevertheless included a lot of quite complex, but customisable, layout. Armed with the new templating system we set off to see if it could be leveraged to deliver this. Our objective was to build a home page similar to the visual below:

Here the home page template would have been called on to change most items in the main banner – namely a floated png of the vehicle, the ‘Test drive …’ message and the background graphic. With a conventional site, this degree of customisation is problematic using just the WordPress block editor (which has a tendency to fall over if the layout gets a bit tricky). To get around this we would have added a plugin to help the client through the process of editing the components for the home page in the WordPress administration section. Clearly if we can avoid having to customise one of our back-end plugins then we could save money on the build, and get a website that might be ‘more compliant’ to what WordPress is trying to achieve with its CMS.

Unfortunately, we ran into a lot of problems, the most critical being that we could not switch to a custom home page in place of the standard blog-roll, so we ended up with posts on the home page, and no way to replace this with our customer facing message …

This is perhaps only to be expected – the templating facility is still labelled as ‘in beta’ (February 2022). It does, however, demonstrate a lot of potential for the future, and we will doubtless re-visit this topic soon.

A brief history of customisable templates

A CMS driven website typically has a pretty rigid skeleton, within which the client (this might be you) can change the content, and has some limited control over how this content is laid out. Until comparatively recently, control over layout meant floating images left or right, and adding pre-defined blocks of ‘featured text’ (block quotes and headers pretty much sums it up). The new WordPress block editor allows the client to create some pretty complex content layouts if they have the patience. The header and the footer, however, are still usually hard coded. Occasionally you will get a widget area in these sections that you can make some changes to – but unless you are happy to write custom HTML/CSS you are stuck with the layout your designer created for you in these sections.

A customisable template allows you to take control of all aspects of your site layout!

Many users want the freedom to change all aspects of their layout, so it is no surprise that customisable templates are not a new concept. Early versions of WordPress allowed you to hand edit the template in the administration section, but this turned out to be a really bad idea. You needed to be able to write and understand HTML and CSS to get anything that looked half decent, but easy access to the code editing facility offered a great opportunity for hackers to do whatever they liked with your precious site (and they did). As a consequence, for a long while templates were hidden away from the admin panel, and left to the designer.

Modern templating systems avoid many of the pitfalls of giving potentially malicious users access to code presented to visitors. They are strongly focussed on layout elements, rather than offering a complete virus factory, but they do still come with some warnings attached:

A custom template capacity adds load to your hosting environment, and you need to be aware of this and ensure that your site is properly resourced. In many ways custom templates are the antithesis of our design philosophy over the last decade, where we have worked to build ultra-light websites that can run quickly and efficiently. To combat this some of the better templating facilities do offer some optimisation facilities – and if you are going to use them, you should look out for these options in their control panel!

While most of our design at CookandKaye is for laboratory based personnel in HE environments, where phones are not heavily used, typical visitor data for other sites shows that most of your visitors will visit your website on their mobile phone. To account for this your site should be flexible; it needs to accommodate your visitors irrespective of the type of device they are using. The templating and editing systems should come together to help you there – but you must remember to check how the site looks on a phone screen (assuming you are designing on a larger device!).

Some of our clients have already started the journey of designing and building their own, fully customised, websites. Many, however, do not have the time or inclination to take on what is a tricky design project that needs to balance a lot of requirements if it is to result in a usable interface for their intended public!

Even if our clients do not want to take on the role of web-designer, the custom template facility will greatly lower the bar for new site developers. The need for an understanding of HTML, CSS and Javascript in a web designer is coming to an end…

Society for Natural Sciences

Above: A wide-screen view of the home page of the Society for Natural Sciences (taken February 2022).

Having built a small number of custom sites for learned societies, the Society for Natural Sciences was our first ‘off the peg’ society website. It had been requested following our work for the UKSB, a society with which it shares a number of active officers, so shares a common design, though the WordPress block editing system has allowed the two sites to develop some individuality.

Again the site is based on the popular WordPress content management system, which allows the society to add and change content both for public consumption, and within its private ‘members only’ area. A custom suite of plugins allows the society to manage its membership, who can pay their subscriptions online through the site, and are sent automated reminders to do so each year. The membership database integrates with the ALO Newsletter plugin, allowing the society to send newsletters to its membership, keeping them informed about events within the Society.

WordPress Security for members’ data

Generally WordPress sites are subject to a lot of unwanted attention from hackers, and so we include a number of features to protect members’ data. These include hiding the login page, and blocking attackers’ IP addresses after a couple of failed login attempts. More recently we have added 2-part authentication as an option for all administrator logins. The expectation is that this will provide some security even if an administrator’s password is compromised, though we strongly recommend that societies continue to enforce strong passwords for all administrators!

Security bulletin: Fraud against learned societies

Online fraud has hit pandemic proportions over the last two years. The increased volume of attacks is annoying, but profiling techniques are making these attacks a lot harder to spot, and societies are being targeted…

Learned societies face some unique challenges in combating fraud:

  • The executive officers for the society typically carry out their duties in their spare time, and consequently communications between them rely on email …
  • Background details for the executive officers are easily obtained through the society website, their academic website pages and from any social media presence they might have.
  • The details of any conferences or meetings being run by the society are a matter of public record (you are advertising them) – so a short list of likely financial transactions can be compiled.

A recent attack started with a personal email purporting to be from the chairman to the treasurer – apparently harmless, it asked how the treasurer’s family was in passing. This reference encouraged the treasurer to believe that the email address was genuine, while in fact the personal information mentioned in passing had been scraped from social media. Subsequent emails asked about how the society’s audit was proceeding, and finally asked the treasurer to pay the audit team using the bank details provided.

The sum involved was not astronomical, but a nice fee for an hour’s work profiling the executive committee, and a couple of email messages. In this instance the plan was foiled because the treasurer cc’d the chairman’s genuine email account into the last email confirming that he had made the payment. Thankfully the chairman was also working over the weekend, spotted the email, and got in contact in time to get the transaction reversed.

Why did the attack come so close to working?

The attacker used a reasonable email address in the ‘from’ email header. It looked like a genuine University address, but did not actually exist. This email would not be used in any communications with the fraudster as the ‘reply to’ address (which you will often not bother to look at, but it is what your email client will communicate with) was something entirely different. Note some email clients will pick up on this and flag a possible phishing attack.
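The header check that some email clients perform here can be sketched in Python. This is an added example, not code from the original article: it compares the ‘from’ and ‘reply to’ headers, and checks the sender's display name against the address an officer is known to use. The officer address book, the names and the .example addresses are all constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed address book: the address each officer is known to use.
OFFICERS = {"alex chair": "a.chair@physics.uni.example"}

# Constructed sample messages (headers only matter for this check).
GENUINE = (
    "From: Alex Chair <a.chair@physics.uni.example>\n"
    "To: treasurer@society.example\n"
    "Subject: Committee agenda\n\nSee attached.\n"
)
SPOOFED = (
    "From: Alex Chair <alex.chair@uni-physics.example>\n"
    "Reply-To: Alex Chair <chair.office@mailbox.example>\n"
    "To: treasurer@society.example\n"
    "Subject: Audit payment\n\nPlease pay the audit team today.\n"
)


def _domain(addr):
    """Return the lower-cased domain part of an address."""
    return addr.rpartition("@")[2].lower()


def review_headers(raw, officers=OFFICERS):
    """Return a list of warnings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    from_addr = from_addr.lower()
    warnings = []

    # 1. Replies would go somewhere other than the visible sender.
    for _, reply in getaddresses(msg.get_all("Reply-To", [])):
        reply = reply.lower()
        if reply and reply != from_addr:
            kind = "domain" if _domain(reply) != _domain(from_addr) else "mailbox"
            warnings.append(f"reply-to {kind} differs: {reply}")

    # 2. A known officer's name on an address they do not normally use.
    known = officers.get(" ".join(name.lower().split()))
    if known and known.lower() != from_addr:
        warnings.append(f"'{name}' normally writes from {known}, not {from_addr}")

    return warnings


if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(label, review_headers(raw) or "no warnings")
```

A clean result only means the headers are consistent with each other and with the address book; it does not prove who sent the message.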

The attacker inserted some personal details into the email from Social Media that encouraged acceptance of the email at face value. Typically executive officers only meet up a couple of times a year, so the attacker does not need to know the target’s personal life in depth (do you remember what you said to the chairman after the conference in September 2020 anyway;-).

The attacker worked on a weekend. Society executives will typically work weekends, as they are trying to fit Society work around their day job; but this is likely to delay any response from your bank, and increase the chance of the attacker getting away with the cash…

Is it only the treasurer that should be alert?

Generally a fraudster is after money, so the treasurer is the most attractive target within the Society. The Society’s membership details can also be relatively easily monetised, however. Loss of this information would open the Society to the possibility of blackmail, but the information can be leveraged with very little risk by sending your members bogus requests for membership or conference fees…

How would you stop this attack?

To prevent this sort of attack you need a means of confirming the identity of the person you are communicating with. You can go down the route of WW2 spies and issue pass-codes or one-time pads to your executive (there are modern equivalents, for example 2 part authentication, email authentication etc. but they are not as easy to deploy), or you can arrange a brief video call, which raises the bar for any imposter, even in these days of fake news…

It is a very rare occasion that a transaction is so time critical that it cannot wait a couple of days for you to schedule a video call. If it is, the chairman will probably want to discuss it face to face anyway!

See also: The other virus pandemic

Barry Kaye, July 22nd 2021

TFI Network+

Screenshot from the TFI Network+ website.

The UK’s Engineering and Physical Science Research Council has provided £2M of funds to form the TFI Network+, which has the objective of connecting scientists and UK foundation industries (glass, concrete, ceramics, paper and chemicals) to remain competitive whilst simultaneously facing challenges from environmental legislation.

The website offers a membership section, within which members can find partners, and submit proposals for funding. Each proposal consists of two uploaded documents – the personal details of the applicants, and the anonymised application itself. Within the administration section proposals to each funding call can be viewed, and proposals can be scored to easily rank them prior to making funding decisions.

The membership section is based on our well established work for Society websites, while the proposal upload section is a custom development for this project. We also developed the Network logo and site design in consultation with the clients.

The original home page featured an interesting application of the CSS ‘stick’ class, but the TFI Network administrators have taken on content management very pro-actively, reflecting the dynamic nature of this area of research. TFI Network administrators typically publish several articles a week covering all aspects of energy and resource efficiency in the foundation industries, demonstrating what you can do in WordPress with a dedicated and talented group of content providers. (Updated February 2022).

BioMedEng Association

Screenshot from the desktop version of BioMedEng Association website.

The Association of Biomedical Engineers, Medical Engineers and Bioengineers (BioMedEng Association) represents a broad membership that use engineering tools and techniques to solve problems arising from biology and medicine.

The new website allows the BioMedEng Association to offer membership discounts to its annual conferences while reducing the exposure of members’ personal details to the local conference management committee. Each annual conference can be run in a separate WordPress instance using the Multisite option in WordPress installation. Member integration is offered through a set of custom WordPress plugins. Colours, banner and footer areas can be changed in the default conference sub-sites, providing the conference organisers with the option of easily developing their site based on the parent BioMedEng Association appearance. The conference sub-site templates offer registration management, account overviews, and private pages for registrants. Payments are readily managed through PayPal; typically the local conference organiser can set up their own PayPal account to manage these finances.

George & Dragon, Lancaster

George and Dragon logo, remastered from the pub-sign original by Barry (Sept. 2020).

The George and Dragon is one of the oldest pubs in Lancaster – it has been serving beer for longer than many countries have existed! It was a great pleasure to work with Mike and Anne to develop this new website for them – allowing visitors to check what is available without crowding around the bar.

The new website is driven by a custom administration section that allows Mike to add new beers to his cellar, and put them on the virtual bar at the click of a button. The one-page site is built around Google’s ‘Rich Results’ platform, providing meta-data to help publicise opening times, current selection of beers, and events (when these become possible).

The George and Dragon Pub on the historic Quay in Lancaster. (Photo by Barry Nov. 2017)
the George and Dragon (center) on the historic quay in Lancaster.

With the relaxation in COVID-19 rules, table service is no longer offered.

The George & Dragon pub, Lancaster

Viruses and viruses

Amongst the unwelcome side effects of the COVID-19 pandemic is an increase in phishing and hacking activity. Perhaps as a result of the reduced opportunities as a consequence of lock-down, smaller websites and companies are finding themselves on the receiving end of quite carefully targeted phishing and hacking attacks.

To add to the problem, attacks are becoming a lot more sophisticated; I was quite impressed by one effort asking me to login to my account at Gooql adwords, to re-activate my account.

Less dangerous, but no less annoying, is the upswing in unsolicited spam. Most of this is now also carefully profiled to match your potential personal interests or business requirements. It almost makes you nostalgic for an invitation to look after a few million dollars from a Liberian Prince…

(When is Elon going to get back to me with those bitcoins?)

Blockprint your mug with SVG!

We’ll start with a real webdesign conundrum: How do you build a site that is interesting, but does not overload my server, your data-connection, or your device’s processing capability? I guess you might also appreciate my not using up all of this month’s data allowance too!

You can start block printing your mug design with this traditional gardener’s plea: Grow, damn you!

Flower blockprint dev

Here I have built a large-ish graphic using the block printing concept; a concept I first encountered on the mugs my mother owned in the 60’s. The design is generated by repeating three simple graphical elements. When you click the ‘Grow, damn you!’ link these are assembled in a step-wise fashion to generate a pseudo random pattern. I believe there are 274 million different final designs possible (see wikihow.com); most permutations look OK, though some are more visually interesting than others.

Does it work? Well, if you have read this far, then yes! Putting this into numbers for comparison; the code required to generate the block-print comes in at under 4kB. The photograph shown below comes in at 44kB…

Photograph of a wildflower.

I think both images are quite pleasing; clearly they would serve very different roles in a website, and would be used in different circumstances. When a technique like this is appropriate, however, you can enhance your visitor’s experience, at minimal cost to yourself OR to your visitor (what is not to like?)*

If you like the design you have generated you can get it printed on a mug at the T shirt Studio (link below), but you will need to zoom in on the graphic (it is SVG, so you can zoom the page as much as you need without it pixelating – this will not work for the photograph;-), and grab a screenshot first – as the design will (almost certainly) be different the next time you visit!

tshirtstudio (other online printers are available).

* Custom art is ALWAYS expensive to create; the saving is in ensuring your server gets pages to more (up to 10× more) potential visitors (customers?) for the same infrastructure cost!

Mobile statistics (2)

In 2015, we noted that access to websites through mobile devices was a vital consideration in any new website design. Back then the headline figures from Ofcom were somewhat exaggerated, being based on kB of data transferred, but claimed 61% of web traffic was through mobile devices. This was not reflected in statistical reports based on visitor numbers to ‘normal’ websites, or in our own observation of browsing statistics on clients’ websites.

A personal glimpse of current browsing habits (July 2020), suggests that our clients’ websites are now more closely in line with the earlier Ofcom report:

Visitors to commercial websites now split approximately evenly between desktop and mobile devices, while visitors using a tablet come in at about 20% of the total.

Visitors to our academic websites, in contrast, have more conservative browsing habits: Most academics have access to a larger desktop device which they use for research, and the statistical split is closer to 80% on desktops, with most of the remaining visitors being on smaller mobile devices, and only about 1% accessing sites through tablets. For some academic sites there will also be issues with getting access to an internal site that is only available over a VPN, but that is not a factor in these statistics.

Despite the change in visitor profile, very few modern websites pay more than lip-service to design for mobile use. The design principle stops at cramming a large desktop site (that the boss sees in the design briefs) into a smaller format, with no consideration to the reduced processing power and bandwidth that these devices have access to, or increased cost a visitor may experience in downloading a graphics heavy website…

Wilkinson Charitable Foundation

Logo of the Wilkinson Charitable Foundation.

The Wilkinson Charitable Foundation was established under a Trust Deed made by the late Professor Sir Geoffrey Wilkinson in 1978. Sir Geoffrey Wilkinson needs no introduction to fellow chemists, being the 1973 Nobel Prize winner for his work developing Organometallic Chemistry, but also as the co-author of ‘Cotton and Wilkinson’ the standard undergraduate inorganic chemistry text for many years.

The Foundation has been acting behind the scenes for many years, offering studentships and prizes for chemistry-related activities. Recently the board decided that the Foundation would be better served by having an online presence.

We used a standard WordPress template (‘Twenty Seventeen’), minimising development costs for the Foundation whilst providing a fully featured website. Our role was in helping to prepare content for inclusion in the site, including images and video hosting.