This plugin has been closed and is no longer available for download.


February 7, 2017
I strongly recommend avoiding this plugin. It has major security holes and performance issues. There are major XSS security holes in this script. The URL the user enters is viewable from the stats section of the plugin. With a carefully crafted URL you can run JS as the user which could be exploited to take over the site. The search query that is shown on the 404 page is not correctly filtered either meaning you could send a site link to someone and get them to run JS on the site. The results are not cached which means every single 404 will result in the server doing a Google search. On a site with enough traffic this will get the server IP blocked from Google. If you’re on shared hosting this could get you account suspended. An attacker could exploit this to DDoS your server as well. Issuing many requests to pages that aren’t found would result in the server attempting many Google searches and using up system resources. This would also create a huge log file which cannot be disabled. The code itself is poorly written, such as using comparisons instead of is_empty(). It includes a functions.php file that has code that is completely unused. A regex is base64 encoded for unknown reasons. base64_decode is often used to hide exploits but it doesn’t appear to be the case here. The code style is inconsistent making it hard to read.
Read all 0 reviews

Contributors & Developers

“True Google 404” is open source software. The following people have contributed to this plugin.


Translate “True Google 404” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.