Title: True Google 404
Author: technofreak
Published: <strong>March 6, 2012</strong>
Last modified: January 25, 2013

---

Search plugins

![](https://s.w.org/plugins/geopattern-icon/true-google404.svg)

# true-google404

 By [technofreak](https://profiles.wordpress.org/technofreak/)

 * [Details](https://wordpress.org/plugins/true-google404/#description)
 * [Reviews](https://wordpress.org/plugins/true-google404/#reviews)
 * [Development](https://wordpress.org/plugins/true-google404/#developers)

 [Support](https://wordpress.org/support/plugin/true-google404/)

## Description

This plugin has been closed as of January 25, 2013 and is not available for download.
Reason: Unknown.

## Reviews

![](https://secure.gravatar.com/avatar/b441fcbc505d64482dd6e0f895391564cf82e28f87d3f4e1f7585379bbd356f0?
s=60&d=retro&r=g)

### 󠀁[Poorly coded, no caching, XSS exploits, emails site info to author](https://wordpress.org/support/topic/poorly-coded-no-caching-xss-exploits-emails-site-info-to-author/)󠁿

 [DriverDan](https://profiles.wordpress.org/driverdan/) February 7, 2017

I strongly recommend avoiding this plugin. It has major security holes and performance
issues. There are major XSS security holes in this script. The URL the user enters
is viewable from the stats section of the plugin. With a carefully crafted URL you
can run JS as the user which could be exploited to take over the site. The search
query that is shown on the 404 page is not correctly filtered either meaning you
could send a site link to someone and get them to run JS on the site. The results
are not cached which means every single 404 will result in the server doing a Google
search. On a site with enough traffic this will get the server IP blocked from Google.
If you’re on shared hosting this could get you account suspended. An attacker could
exploit this to DDoS your server as well. Issuing many requests to pages that aren’t
found would result in the server attempting many Google searches and using up system
resources. This would also create a huge log file which cannot be disabled. The 
code itself is poorly written, such as using comparisons instead of is_empty(). 
It includes a functions.php file that has code that is completely unused. A regex
is base64 encoded for unknown reasons. base64_decode is often used to hide exploits
but it doesn’t appear to be the case here. The code style is inconsistent making
it hard to read.

 [ Read all 0 reviews ](https://wordpress.org/support/plugin/true-google404/reviews/)

## Contributors & Developers

“True Google 404” is open source software. The following people have contributed
to this plugin.

Contributors

 *   [ technofreak ](https://profiles.wordpress.org/technofreak/)

[Translate “True Google 404” into your language.](https://translate.wordpress.org/projects/wp-plugins/true-google404)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/true-google404/), check
out the [SVN repository](https://plugins.svn.wordpress.org/true-google404/), or 
subscribe to the [development log](https://plugins.trac.wordpress.org/log/true-google404/)
by [RSS](https://plugins.trac.wordpress.org/log/true-google404/?limit=100&mode=stop_on_copy&format=rss).

## Meta

 *  Version **1.4.1**
 *  Last updated **13 years ago**
 *  Active installations **N/A**
 *  WordPress version ** 2.7 or higher **
 *  Tested up to **3.5.2**
 *  [Advanced View](https://wordpress.org/plugins/true-google404/advanced/)