diff --git a/lib/wpscan/target/platform/wordpress/custom_directories.rb b/lib/wpscan/target/platform/wordpress/custom_directories.rb
index d0d85f65..938a8e36 100644
--- a/lib/wpscan/target/platform/wordpress/custom_directories.rb
+++ b/lib/wpscan/target/platform/wordpress/custom_directories.rb
@@ -105,9 +105,10 @@ module WPScan
 
           # url_pattern is from CMSScanner::Target
           pattern = %r{#{url_pattern}(.+?)/(?:xmlrpc\.php|wp\-includes/)}i
+          xpath = '(//@src|//@href|//@data-src)[contains(., "xmlrpc.php") or contains(., "wp-includes/")]'
 
           [homepage_res, error_404_res].each do |page_res|
-            in_scope_uris(page_res) do |uri|
+            in_scope_uris(page_res, xpath) do |uri|
               return @sub_dir = Regexp.last_match[1] if uri.to_s.match(pattern)
             end
           end
diff --git a/spec/shared_examples/target/platform/wordpress/custom_directories.rb b/spec/shared_examples/target/platform/wordpress/custom_directories.rb
index e822c263..79a153ed 100644
--- a/spec/shared_examples/target/platform/wordpress/custom_directories.rb
+++ b/spec/shared_examples/target/platform/wordpress/custom_directories.rb
@@ -149,6 +149,24 @@ shared_examples 'WordPress::CustomDirectories' do
         expect(target.sub_dir).to eql false
       end
     end
+
+    context 'when a lot of irrelevant urls' do
+      let(:body) do
+        Array.new(250) do |i|
+          "<a href='#{subject.url}#{i}.html>Link</a><img src='#subject.{url}img-#{i}.png'/>"
+        end.join("\n")
+      end
+
+      it 'should not take a while to detect the sub_dir' do
+        stub_request(:get, target.url).to_return(body: body)
+
+        time_start = Time.now
+        expect(target.sub_dir).to eql false
+        time_end = Time.now
+
+        expect(time_end - time_start).to be < 1
+      end
+    end
   end
 
   describe '#url' do