One of the best ways to protect yourself against criminals exploiting vulnerabilities in Adobe Flash is to enable “Click to Play”.
Click-to-Play prevents Flash elements from being rendered in your browser unless you give specific permission by (you guessed it) clicking.
Enabling Click-to-Play for Flash in Internet Explorer
Click the gear icon on Internet Explorer’s toolbar and select Manage Add-ons.
Select Toolbars and Extensions, and choose Show All add-ons. Locate the Shockwave Flash Object plugin under Adobe Systems Incorporated. Double-click on it, and then click Remove All Sites to remove the default * (which allows all websites to run Flash).
Enabling Click-to-Play for Flash in Firefox
The simplest method is to install the Flashblock add-on.
Alternatively, Type about:addons in your browser bar (where you normally type in website addresses). Press <return>. Click on Plugins. Find “Shockwave Flash” in the light of plugins, and choose Ask to Activate in the dropdown box.
Enabling Click-to-Play for Flash in Opera
Click the Opera menu button, choose Settings, and select Websites. Enable the Click to play option under Plug-ins.
Enabling Click-to-Play for Flash in Safari
Your first option is to install a Safari extension.
Mac expert Kirk McElhearn recommends the ClickToPlugin extension which blocks Flash and other media plugins from running until granted permission.
If, however, you prefer to only block Flash, try its sister extension the imaginatively-named ClickToFlash.
Alternatively, for a solution which involves no extensions, go to the Preferences pane in Safari, and select the Security icon. Manage Website Settings to the right of Internet plug-ins.
Select the Flash plugin from the list, click the When visiting other websites box, and select Ask.
Enabling Click-to-Play for Flash in Google Chrome
Click Chrome’s menu button and select Settings to open the Settings page. Click Show advanced settings, click Content settings under Privacy, scroll down to Plug-ins, and select Let me choose when to run plug-in content.
Please note that you need to check the plugins page (chrome://plugins) to make sure no plugins are configured to run automatically. Read Michael Horowitz’s excellent article for ComputerWorld for more details of this.
Of course, it goes without saying, that when Adobe does release a fixed version of Flash be sure to install it at your earliest opportunity. (And make sure you get it from Adobe’s own website, rather than scammers who might be trying to fool you into thinking you’re downloading the real deal)
Stay safe folks.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
4 comments on “How to enable Click-to-Play in Adobe Flash”
I've had this enabled for ages.
Not only does it enhance privacy and security but it also stops those pesky flash adverts that start playing as soon as you load a webpage. I can now enable only the content I want to watch without being distracted by the periphery.
I've done this, but I get a Flash click-to-run prompt on video clips on the BBC News website. Yet these play just fine on my iPod Touch. Since Apple has eschewed Flash, this presumably means that the Beeb is offering both Flash and HTML5 versions, and I could still play them on my PC if I uninstalled Flash. But I might need it on other sites.
Is there a way to tell my browser to prefer an HTML5 version if available and only give the click-to-run prompt if it's Flash or nothing? Or should we be lobbying the Beeb to preferentially offer HTML5?
Must be that Chrome for OS-X is configured quite differently, as the screenshots provided bear no resemblance to my Chrome Settings screen. Version 49.0.2623.87 (64-bit)
Thanks for this info. I hate those awful start-on-page-opening ads and am so glad to know they can be stopped. In following these instructions, however, I found this statement on all my plugins:
"Plugin Name" does not support the highest level of security for Safari plug-ins. Websites using this plug-in may be able to access your personal documents and data."
What does that mean and how do I protect my privacy from them?