diff --git a/advanced/01-pihole.conf b/advanced/01-pihole.conf
index 40a117fe..cd74e186 100644
--- a/advanced/01-pihole.conf
+++ b/advanced/01-pihole.conf
@@ -41,8 +41,3 @@ log-facility=/var/log/pihole.log
 local-ttl=2
 
 log-async
-
-# If a DHCP client claims that its name is "wpad", ignore that.
-# This fixes a security hole. see CERT Vulnerability VU#598349
-dhcp-name-match=set:wpad-ignore,wpad
-dhcp-ignore-names=tag:wpad-ignore
diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh
index ea699efa..583579b6 100755
--- a/advanced/Scripts/webpage.sh
+++ b/advanced/Scripts/webpage.sh
@@ -366,6 +366,14 @@ EnableDHCP() {
     delete_dnsmasq_setting "dhcp-"
     delete_dnsmasq_setting "quiet-dhcp"
 
+    # If a DHCP client claims that its name is "wpad", ignore that.
+    # This fixes a security hole. see CERT Vulnerability VU#598349
+    # We also ignore "localhost" as Windows behaves strangely if a
+    # device claims this host name
+    add_dnsmasq_setting "dhcp-name-match=set:hostname-ignore,wpad
+dhcp-name-match=set:hostname-ignore,localhost
+dhcp-ignore-names=tag:hostname-ignore"
+
     ProcessDHCPSettings
 
     RestartDNS