How to secure macros in Excel and protect your VBA code

  • Configure the Trust Center to control how macros are enabled or blocked in each Excel workbook.
  • Protect your VBA code with a password and, if necessary, digitally sign your projects with certificates.
  • It combines trusted documents, signatures, and cell protection to reduce risks in shared ledgers and corporate environments.
Daniel Terrasa

11 minutes

Protecting macros in Excel

When you work with spreadsheets daily, it's easy to end up building a huge system of formulas, references, and automations. In that context, the excel macros They become your best ally in avoiding repeating the same tasks. But, just as they can save you hours of work, they can also be a gateway to security problems if not managed properly.

That's why it's so important Protecting macros in ExcelProtecting your code, controlling who can run them, deciding which files are trusted, and ultimately balancing automation and security are key. Below, we explain how macros work in terms of security, what options Excel offers to protect them, how to digitally sign them, and what limitations apply when working with shared workbooks and Excel Online.

What exactly is a macro in Excel and why can it be dangerous?

An macro in Excel It is, basically, a sequence of instructions that the program executes automatically to perform a repetitive task. These instructions are usually written in Visual Basic for Applications (VBA)There are also the older Excel 4.0 macros (XLM), which are still supported in certain scenarios.

This type of automation allows you to save time and minimize human errorBecause instead of doing the same thing manually a hundred times, you program it once and run it when needed. The problem is that these same capabilities can be used for malicious purposes. For example, to download and install malware, modify files without permission, or spy on user information.

From a security standpoint, any file containing macros that you receive from third parties should be considered potentially dangerous. At least until you can verify its originThat's precisely why Office includes a system of alerts, blocking, and document trust. This prevents code from running without the user's prior authorization.

In summary, macros are a key component for automating processes in Excel, but they are also a potential attack vector, so it's advisable to... know all the tools well that the program offers to manage and protect them.

excel web

Convert a workbook into a trusted document to allow macros

When you open a excel workbook that contains VBA code or XLM macros, normally a security warning Under the ribbon. That notice indicates that the file includes macros. By default, they won't run until you make a decision.

If you recognize the origin of the file and are certain that the content is legitimate, you can make that specific book a reliable documentso that the macros run without Excel asking you again every time you open it.

The general process in an Excel workbook is very simple:

  1. First you click on Enable content in the warning bar that appears when you open the file.
  2. Next, you accept the security dialog box that asks if you want to trust the document. With that confirmation, Excel marks that file as safe.
  3. Once marked as reliable, the macros are enabled in that book without further notice. This is very convenient when you always work with the same internal files and know they come from your own organization or a source you trust.

If you want to stop trusting that workbook or other files you previously marked, there isn't an option to withdraw trust from a single, specific document; you'll have to delete all trusted documents from the Office security options to have the warnings displayed again in all of them.

Configure macro security from the Trust Center

The most comprehensive way to protect macros in Excel involves reviewing the configuration of the Trust CenterThis is the panel where all security options related to macros, active content, VBA access, and other similar features are grouped.

Please note that if you are using a computer managed by your company or educational institution, the system administrator may have blocking the change of some optionsIn that case, there will be parameters that you cannot modify on your own, as they are managed through group policies or other administration tools.

To access the macro options in the Trust Center in Excel, the usual path is this:

  1. Open tab Archive.
  2. Walk into Options.
  3. In the side panel, select the category Trust CenterFrom there you can press the button Trust Center Settings and, in the new window, enter the section Macro Settings.
  4. Within this section, you'll find several options that determine how Excel behaves when it detects macros in a file. Choosing the right one makes all the difference in having a better environment. very restrictive and safe or a more flexible one but with more risk.

We will review each of the available alternatives in detail, bearing in mind that not all Office applications display exactly the same options as Excel, and that some refer specifically to VBA macros oa macros Excel 4.0 (XLM).

Excel macros

Excel macro configuration options

In the Trust Center, you'll see a series of checkboxes and selection buttons that allow you to decide how to handle macros. Each of these options focuses on a different level of balance between safety and comfort.

  • Disable all macros without notificationIn this mode, not only is the execution of any macro prevented, but security alerts are also hidden, so Excel simply blocks the code without displaying any messages to the user.
  • Disable all macros with notificationHere, Excel still blocks the automatic execution of macros, but will display a security warning each time you open a file containing them, giving you the option to enable them manually if you wish. This setting offers a reasonable balance, since Avoid silent execution of potentially dangerous code, but at the same time it allows you to activate macros that you know are reliable with one or two clicks, without having to constantly modify the overall settings.
  • Disable all macros except digitally signed onesIn this scenario, Excel blocks all macros and displays security alerts if the file contains unsigned code, but allows automatic execution Those macros that have a valid digital signature from a publisher you already trust.
  • Enable all macros (not recommended, may execute potentially dangerous code)As its name suggests, in this mode Excel runs any macro it finds without asking for confirmation, making your computer... especially vulnerable to malicious code.

In addition to these four major general behavior options, Excel includes a field related to legacy macros. Excel 4.0 (XLM)Specifically, you can find a similar option to Enable Excel 4.0 macros when VBA macros are enabled.

Finally, the option is included within this same block Trust access to the VBA project object model, which regulates whether or not other applications are allowed to automatically access the VBA object model in your Excel.

Password-protect your macro's VBA code

Beyond deciding whether or not to run macros, another key aspect of securing them is protect your own codeThis way we avoid qso that other users cannot view, modify, or copy it without permission. Excel allows you to set a password at the VBA project level to achieve this.

The typical procedure for protecting your macro code would be to open the Excel workbook containing the VBA project you want to lock, and then go to the tab Programmer from the ribbon. From there you can click on the button Visual Basic to open the VBA editor associated with that book.

Once inside the Visual Basic editor, you will need to select your project in the left panel and access the menu Tools, where you will find the option Properties of VBAProject (The exact name may vary depending on the installation language, but it refers to the properties of the current project.)

In the properties dialog box, you'll see several tabs; the one you're interested in for blocking the code is the tab ProtectionWithin it, you will have the option to select the option Lock project for viewing, which prevents other users from viewing the project content without entering the password.

After checking that box, you will need to write a password protection Enter the password in the corresponding field and repeat it in the confirmation field to ensure there are no typos. Once you have entered the password twice, you can click on AcceptClose the VBA editor and return to Excel.

For the protection to be applied correctly, it is important that close the Excel file and open it again.

Excel macros

Digitally sign macros with certificates

Besides password protection, another powerful way to secure macros is to use digital signaturesOffice uses Microsoft Authenticode technology to allow macro developers to digitally sign their projects or files.

The digital signature process is based on a digital certificate which identifies the author of the macro. When a VBA project or a document with macros is signed, the certificate guarantees that the file comes from that specific signer and that the content has not been modified since the signature was applied.

After installing the certificate on your computer, you can use it to sign your macro projects so that when other users open those files, Excel can authenticate them. check the validity of the signature and treat the content as reliable if the publisher is marked as trusted.

There are two main ways to obtain a certificate to sign your macros.

  • You can resort to a commercial certificate issuing entity. This will provide you with a recognized certificate suitable for use in corporate or public environments.
  • You can also obtain a certificate through your organization's internal security administrator or IT department.

Once you have the appropriate certificate, the next step is to access the digital signature options within the VBA editor and associate the certificate to the projectFrom then on, every time you distribute a file with that project, the signature will ensure its integrity and origin. And you can combine it with the "signed macros only" setting in the Trust Center to significantly increase the level of protection.

Using macros and protection in shared workbooks and online Excel

In many current work environments it is common to use shared Excel workbooks through services like Microsoft Teams or OneDrive. The idea is that several colleagues can edit the same file simultaneously from different locations.

In that context, two very common questions arise: How protect cells and formulas to prevent other users from accidentally deleting them? Can macros be used in Excel online when that book is shared via Teams?

Regarding the first question, Excel offers sheet and workbook protection tools that allow you to mark certain cells as blocked Then set a password so only certain people can change them. This way you can leave only the data entry cells unlocked, and protect the rest so the formulas can't be touched.

In this way, your colleagues will be able to write in the ranges you have chosen, but they will not be able to delete or modify formulas Criticals for the functioning of the file, which is very useful when the book is complex or contains delicate calculations.

If you need your macros to work, you'll have to open the file with the full version of Excel installed on the computer, even if the file is stored in Teams or OneDrive. The workbook can still be shared, but the macros will run from the desktop application and not from the online environment.

It's important to explain this to your colleagues so they understand that some automations won't be available from the browser. In those cases, the best strategy is usually to combine a good cell protection with clear usage procedures and, when necessary, run macros from desktop Excel to apply more advanced processes.