CHSS Research Impacts Site is live!

Every now and then a project brings the whole team together and combines everyone’s knowledge and expertise.

It’s always extremely rewarding to see a final product so we’re very excited to announce the launch of the University of Edinburgh’s ‘Research Impact’ site. Going live today after months of planning, building, recording and editing we’re pleased to say it looks great! We will be adding new case studies and improving the website over the next few months but are very happy with announcing what’s in place to the big wide world. And so without further ado… (drum roll please…) here it is!

Humanities and Social Science Research Impact websiteResearch Impact website As a world leading university much of the research that goes on in Edinburgh is helping to change world politics, law, economics, social thinking and practises (to name a few!). Here at the uni we felt that the impacts of many of the research studies in the College of Humanities and Social Science were so outstanding that they had to be showcased. The Research Impacts site has taken some of the biggest personalities and most impactful studies and given them a platform. From rebuilding the face of an ancient Egyptian mummy to the impact of neuroscience on The Church of Scotland, the topics and staff featured are vast and all equally fascinating. Building the website, and in my case producing the video features, was (and is) a huge task given that even though these academics are leaders in their fields they can be far too modest or, heaven forbid, camera shy!

Continue reading

Extraordinary poster art of China

Over the last two weeks I’ve been working on a mini-site for the Confucius Institute showcasing the exhibition on propoganda poster art of China they are hosting at Adam House.

The exhibition, which features 133 posters dating from 1913, is just a small sample of the Shanghai Propaganda Poster Art Collection, which has over 5000 examples of these rare artefacts. The styles and subjects give a fascinating insight into the cultural and political shifts in China through the twentieth century.

Details from 'Model Opera: Red Army Women', 1971

Details from ‘Model Opera: Red Army Women’, 1971

Having such a wealth of visually interesting and colourful material made building the website a lot of fun. Using a timeline plugin allowed me to place poster images in context alongside text explaining the shifts in styles and messages used in the artwork. Text from the exhibition catalogue is illustrated with some of the fascinating background details from the posters.

The exhibition runs from 6 June – 12 July at Adam House, Chambers Street. Full details of of opening times and times of guided tours are available on the exhibition website:

Poster Art of Modern China website

Shanghai Propaganda Poster Art Center (PPAC)


Some nice WordPress plugins

A few nice WordPress plugins I’ve been using recently:

Better WP Security – A very popular and powerful plugin that takes a range of steps to harden your WordPress installation.

Mail on Update – Emails you to let you know of available plugin updates.

Polylang – Simple and easy to use, it allows you to create a multilingual site (no in-built translation workflows – if you need that try WPML).

Approval Workflow – An easy way to add an Administrator-approval process to your publications.

Blackbox Debug Bar – For plugin developers. It gives useful feedback on SQL queries, page load times, errors, and values of superglobals.

Pure Profiles WordPress plugin – version 1.7

A new version (1.7) of the WordPress plugin for displaying Pure Profiles is now available to download at

The WordPress pseudo-cron has been removed, meaning that it now updates the cache using a traditional cron job only. This helps prevent any confusion about when the update will take place. In addition, an authentication key (editable on your Settings page) must be sent with the call. This ensures that the API is not being called maliciously.

There are also some other improvements, such as the use of preferred names, and publications linking to DOIs.


WordPress plugin for Pure profiles

The University is using the Pure software to keep track of research activity. The front end for this is the Edinburgh Research Explorer, which allows you to browse the data.

Pure provides an API to the data, and several people in the University have been investigating how to extract and make use of the information. It’s been interesting to see the variety of approaches taken, and it seems that different solutions may be suitable depending on the application. We plan to make use of some of these solutions in our sites. In the HSS Web Team, we’ve been particularly keen to make the information available in WordPress. We use WordPress for several sites and wanted a plugin to give users a nice profile page, automatically generated from the golden copy.

I’ve been working on a WordPress plugin to do this, which is now at a release stage:

Development decisions

There was a consensus in the University that REST was the best way forward (Pure also provides a SOAP API). I’ve written a couple of REST APIs in the past, and used the PHP cURL library to consume them. However, we recently discovered Guzzle, a library which makes things nice and easy, and abstracts things a little from the PHP cURL library. Guzzle is going to be part of Drupal 8 core, so well worth checking out.

It’s important that the data is cached locally, both to reduce the load on the server, and to ensure fast page load times. Therefore, when the plugin is enabled, it creates several custom WordPress tables. The API is then called periodically and the data stored in these tables until the next time we want to refresh the database.

The source code is available to browse or clone on Bitbucket.


To use the plugin, you should first download the latest version (currently 1.5) from the downloads page.

You can then go into your WordPress admin area, and Plugins->Add New->Upload to upload the zip file. After installing, click to enable the plugin.

Once the plugin is enabled, you have an additional option under Settings for Pure Profiles.


The first section in the Settings page is Connection Details. This is where the hostname, username and password go. It’s sensible to connect to the beta server to begin with.


You can currently specify which people to pull out by specifying the Pure UUID, Employee ID, or a combination of both. You can also specify an organisation’s UUID, to pull out all the people associated with it (to reduce server load, it’s best to do it this way only when you actually need all of the people in that organisation). All of these should be provided as comma separated lists. The system ignores line breaks, which means you can have the UUIDs on separate lines for readability.


I’ve found the easiest way is to search the Edinburgh Research Explorer for the person you want, and then retrieve their UUID from the URL (between the brackets). It’s also a way of checking that they are actually in Pure!

The next section allows you to specify the time of the cron job to update the database. Note that this is a WordPress pseudo-cron, and is actually triggered the next time the site is accessed. For this reason, it makes sense to set up an actual cron job to call the site shortly after the scheduled WordPress cron. This ensures that the update takes place overnight, rather than being triggered in the morning when someone visits the site.


There’s also an option to enable Development Mode. This calls the API on every page load. Enabling Development Mode slows the site down significantly and puts an unnecessary load on the Pure server, so it should be avoided, particularly with the live server. However, enabling it after you install the plugin and then disabling it immediately afterwards allows you to populate the database right away, rather than waiting overnight.

Under Appearance, there’s the option of whether or not to use the default stylesheet. The default stylesheet provided with the plugin gives some basic formatting, but these styles can be overridden in your theme’s stylesheet. The generated HTML has lots of classes provided, so there’s a fair amount of flexibility in how you can style the output.

Displaying the data using Shortcodes

Once the plugin has been configured in Settings, and the database has been populated, the next step is to add the shortcode to a page. The plugin adds an extra icon to TinyMCE, which brings up a dialog.


You can then select the person to include from a dropdown list, and optionally hide sections.


Clicking Create Shortcode inserts the shortcode into the page.


Then it’s just a case of saving the page, and the profile appears.

profile profile2

Note that you could have your publications or projects on separate pages, by using multiple shortcodes and hiding the appropriate sections.

Future Development

The plugin is still very much in development. There may be some fields missing, and there’s no paging of publications, for example.

Please feel free to add issues in Bitbucket, make suggestions, etc., and to use it!


Web Application Security – the Role of Users

For IT professionals, security is an integral part of the job. We must keep up-to-date with the latest techniques being used to target sites, and try to stay a step ahead of the hackers. Most developers foster a healthy paranoia about the range of ways that systems could be exploited, and keep it constantly in mind when designing an application, writing the code, and then deploying and updating.

However, there are also steps that users can and should take to prevent their data being compromised. These three important practices will go a long way to ensuring that your data is secure.

1 – Use strong passwords

Brute force attacks are common, such as this recent attack on WordPress sites. This is where a malicious computer program makes multiple attempts to guess a user’s password. If your password is in the dictionary, related to the name of your website, or too short, there’s a good chance that a brute force attack will crack it. Actually, any password can be guessed given enough time, which is why you should also change your password every few months. Creating a strong random password of 10 or more characters and using a mixture of upper and lower case, numbers, and special characters will protect from most attacks.

You should also be aware of other ways in which your password can be vulnerable. For example, using the same password across multiple sites, leaving a written copy lying around, or connecting over unencrypted Wi-Fi (e.g. in an internet cafe).

2 – Keep your browser up-to-date

Part of the job of IT professionals is to ensure that third-party software and plug-ins are kept up-to-date. This is because, as new exploits are discovered, the software vendors will update their products to protect against them. Therefore using older versions leaves users at risk of being hacked through known vulnerabilities.

As a user, you should also ensure that you keep your browser at the latest version. Older browser versions are often insecure, and some have been abandoned by vendors. Keeping your browser current not only means added protection from hackers, but also that you have all the latest bug fixes and features, and that web pages will display as intended by the web designers.

It’s also good practice to keep your operating system updated with the latest fixes.

3 – Be aware of social engineering techniques

Social Engineering techniques involve attempting to trick people in order to gain access to buildings, systems, or data. The most well-known example is phishing which is an attempt to gain information such as usernames, passwords, or credit card details, normally through emails or impersonating a website. However, scammers use a wide range of con tricks, and it’s important to stay informed and alert.


Having something hacked can be a stressful experience. As well as potential economic costs, there are reputational costs. Whether it is sensitive data being leaked, your site being downgraded by search engines, or your Facebook account being used to send embarrassing messages, the consequences of lapses in security can suddenly become very real when the worst happens. In the case of a hacked website, it can be virtually impossible to fix, since hackers can install sophisticated software to retain control of the server behind the scenes.

There’s no such thing as 100% security, but by bearing in mind some of the most likely exploits, you can at least mitigate the risk.