NordVPN

Although NordVPN is already one of the best-known VPNs, its features have increased dramatically over the past few years. In addition to protecting your web traffic, NordVPN scans downloaded files for malware and watches for malicious sites as a traditional antivirus would via Threat Protection Pro, and its scores against fraudulent and malware-hosting URLs are excellent. For all it offers in a single package, NordVPN is worthy of our Editors’ Choice award. There are multiple Editors’ Choice winners in this category, but two of particular note are Mullvad VPN, which goes to great lengths to protect your privacy, and Proton VPN, a five-star service that is more affordable and straightforward than NordVPN.

How Much Does NordVPN Cost?

NordVPN’s Standard plan ($12.99 per month or $59.88 for the first year) includes just the VPN itself. The Plus tier ($13.99 per month or $69.48 for the first year) adds the NordPass password manager, breach scanning similar to HaveIBeenPwned, and malware protection via the company’s in-house antivirus option, Threat Protection Pro, which we’ll get into later. The Ultimate tier, formerly known as the Complete tier ($14.99 per month or $83.88 for the first year), throws in 1TB of encrypted cloud storage with NordLocker, as well as identity protection services insured up to $1 million in the case of losses for the user. These renew at their respective annual rates on a per-year basis.

(Credit: NordVPN/PCMag)

We should mention here that in April of 2024, NordVPN was targeted as a part of a broader class action lawsuit on behalf of the states of California and North Carolina surrounding its renewal tactics surrounding annual plans. While some of those prices above look enticing at first, if you let your subscription renew after the first year, users report upward of a 200% increase in price, as well as little notification of that increase prior to the charge hitting their accounts.

While this isn’t an uncommon tactic in the industry, Nord, in particular, was targeted because users of its services allege that canceling their subscriptions was unnecessarily difficult and that the terms of the renewal process weren’t laid out clearly when they first signed up. The case is awaiting arbitration, and we’ll update this review when each state determines the motion’s results.

Although the above discounts may initially seem enticing, we recommend against immediately purchasing discounted long-term plans. Instead, start with a short-term or one-month plan so you can try out the service. Note that NordVPN frequently offers different pricing based on the time of year or your location. However, there’s no true way to game this system other than clearing your cookies each time you connect to the site and hoping the discount you’re looking for pops up. NordVPN does not offer a free trial or subscription.

NordVPN accepts payment with all major credit cards and cryptocurrencies via CoinGate, Google Pay, and PayPal. As of this writing, the average cost for a VPN service we’ve reviewed is about $10.14 per month and $57.61 per year. This puts NordVPN among the most expensive VPNs we’ve tested, regardless of tier or the length of subscription.

You can get a top VPN subscription for less. Mullvad VPN, for instance, is just 5 euros ($5.52 at the time of writing) per month, and Proton VPN has all the same features and nearly double the simultaneous connections as NordVPN for $11.49 per month.

There are also some free VPNs worthy of consideration. While all free VPNs have limitations, Proton VPN is one of the few we’ve tested that doesn’t limit the amount of data free subscribers can use.

What Do You Get for Your Money With NordVPN?

NordVPN allows you to use, somewhat oddly compared with the rest of the industry, up to six devices simultaneously. The average VPN service limits you to either five or 10 such connections, but that’s starting to change. Avira Phantom VPN, IPVanish VPN, Surfshark VPN, and Windscribe VPN allow an unlimited number of devices to connect at once. NordVPN provides apps for all major platforms. (Note: IPVanish is owned by Ziff Davis, PCMag.com’s parent company. For more, see the ethics policy in our Editorial Mission Statement.)

NordVPN offers static IP addresses for $3.69 per month ($70.68 with an annual VPN subscription). You can choose an address for the United States, Germany, the UK, the Netherlands, and Japan. A static IP address may help prevent your VPN connection from being blocked, especially if you connect to the same region consistently. We appreciate that NordVPN has made adding static IPs to existing accounts much easier.

(Credit: NordVPN/PCMag)

NordVPN supports multi-hop connections, which it calls Double VPN. It routes your connection through a second VPN server instead of just one. That way, if one leg of the connection is compromised, your connection is still secure. It also lets you connect to the Tor network directly from within the app.

Split tunneling lets you designate which apps route their traffic through the VPN connection and which travel in the clear. NordVPN takes an interesting approach here, letting you either require or forbid VPN connections for apps. However, the company doesn’t support split tunneling in its iOS or macOS apps. NordVPN and Proton VPN are among the few products offering split tunneling, access to Tor via a VPN server, and multi-hop connections.

NordVPN also now includes a service called Threat Protection Pro, features that go beyond typical VPN protection. The company claims these features block malicious sites, scan downloads for malware, and block trackers and ads. We’ll take a look at this feature in detail later in this review. Other companies, such as Surfshark VPN, have expanded into similar territory with Surfshark One, while some antivirus companies have started including VPNs with their traditional antivirus products.

(Credit: NordVPN/PCMag)

Although useful, a VPN can’t protect against everything. We recommend activating multi-factor authentication wherever possible, creating complex and unique passwords for each site and service with a password manager, and using antivirus software.

What VPN Protocols Does NordVPN Offer?

NordVPN uses NordLynx (an implementation of WireGuard) by default in its Android, iOS, macOS, and Windows apps. OpenVPN is also available on all those platforms. IKEv2 is available for iOS and macOS apps only.

OpenVPN has long been the gold standard for VPNs, but WireGuard is becoming increasingly popular. It’s easy to see why. Like OpenVPN, WireGuard is open source, but it uses newer encryption techniques and yields better speeds.

Where Are NordVPN’s Servers Located?

On March 26, 2024, NordVPN announced that it had completed a network upgrade that brought its previous coverage of just 60 countries to a more impressive 111. While that’s a big jump, some VPN companies still outshine it. PureVPN, for example, covers 139 countries, Surfshark covers 100, and HMA covers about 190.

(Credit: NordVPN/PCMag)

Most of NordVPN’s physical servers are in the US and the UK, which is not unusual for VPN companies. However, NordVPN also has a diverse mix of servers worldwide. The company currently offers one location in Africa (South Africa) and a handful in South America—two continents ignored by many other services. 

Notably, NordVPN offers servers in Hong Kong, Turkey, and Vietnam, all of which have restrictive internet policies. The company doesn’t offer servers in Russia, but it does have servers in Ukraine. Note that we don’t make specific recommendations for VPNs to bypass government censorship because the stakes of getting it wrong are simply too high. 

Is NordVPN Trustworthy?

VPNs require a lot of trust because all your web traffic is routed through their infrastructure. For each review, we look over the company’s privacy policy and discuss security and privacy issues directly with the company. We didn’t find anything worrisome here, although NordVPN’s policy is less reader-friendly than TunnelBear’s.

In our discussions with the company and in its privacy policy, NordVPN makes clear it does not log browsing history, traffic, or IP addresses. That’s as it should be.

The NordVPN privacy policy states that NordVPN retains the username and time of the last session, but only for 15 minutes after you disconnect from the VPN. That’s good. This was verified by a third-party audit, outlined below. A representative from NordVPN assured us the company does not profit from the sale of user data. The company does not generate revenue from sources other than customer subscriptions.

NordVPN is incorporated and operates under Panama’s legal jurisdiction. Panama has no legal requirement for companies to retain data for any given period. The company says that were it to be subpoenaed, it would only respond to a court order or subpoena issued by a Panamanian court. NordVPN says it maintains offices in other countries in addition to Panama and was founded in Lithuania.

Many VPN companies now release the results of third-party audits in order to build trust. PriceWaterhouseCoopers (PWC) completed two audits of NordVPN in 2018 and 2020, and VerSprite released penetration testing reports for NordVPN’s apps in 2021. In January 2023, NordVPN released an audit from Deloitte verifying the company was complying with its commitment to not log user activity. A pair of audits from German cybersecurity firm Cure53, conducted in February 2023, looked at NordVPN’s apps and infrastructure. The company reported that all critical, high, and medium-priority issues were immediately addressed by developers and later confirmed by Cure53. Audits are imperfect tools, but they are still a measure of accountability we appreciate. We’re pleased to see NordVPN continue to release third-party audits, although we’d like to see them make the same commitment to annual audits TunnelBear has made. 

Hands On With NordVPN for Windows

Installing NordVPN was quick and easy on our Intel NUC 13 Extreme Kit (‘Raptor Canyon’) test PC running the latest version of Windows 10. The app has gotten a bit of a visual overhaul since we last looked. This includes an all-new start screen with separated blocks: one for the VPN, one for Threat Protection Pro, and one for File Sharing.

Another fun feature is an onboarding wizard that walks you through the VPN’s features and gives you the chance to customize certain settings before you begin. For instance, you can define the circumstances in which NordVPN will connect automatically and how the kill switch will function. Of course, it also encourages you to download NordPass and NordLocker. We were also prompted to install the NordVPN browser extension but found we needed to manually approve the extension in our browser (Chrome) before we could use it.

(Credit: NordVPN/PCMag)

NordVPN is clearly positioning its app as a set-and-forget service. A Pause button deactivates the VPN but reconnects you automatically after five minutes, 15 minutes, or an hour. You can also use the pause button to mark your current network as trusted and not require a VPN at all. Hitting the power button pulls up a warning that it will shut the VPN off, but once the app starts again, it will resume its default automatic connection settings. The assumption is that you want NordVPN running all the time, but it can get a little annoying if that’s not how you use a VPN.

Overall, NordVPN’s Windows experience is as top-tier as it comes, which is expected given its pricing and placement within the industry as a whole.

NordVPN Threat Protection Pro

A few years ago, NordVPN released its Threat Protection product as a standalone antivirus. With no on-demand scanning, no scanning of local files, and web-based protection running mostly at the VPN level, it failed to impress. The company quickly brought it back into the flagship NordVPN product as a bonus component, where it remains today. 

The current iteration, Threat Protection Pro, is an improvement over that initial offering, but it’s still not a complete antivirus. Its own documentation states, “While NordVPN’s Threat Protection Pro is not a full-fledged antivirus yet, it is an antivirus-like product that provides similar functions, such as scanning downloads for malware and preemptively blocking malicious URLs.”

Even so, most consumers will consider it equivalent to other antivirus apps, and in many ways, it is. We put the Threat Protection Pro component through our usual battery of antivirus tests, and it scored from middling to perfect.

(Credit: NordVPN/PCMag)

Threat Protection Pro consists of three main components: web protection, file protection, and vulnerability detection. While file protection might sound like it should scan and manage any malware found in local files, it actually refers to NordVPN’s ability to detect malware incoming from the internet through downloads and opened attachments.

No Lab Test Results

In most antivirus reviews, we include test results from four independent antivirus labs: AV-Comparatives, AV-Test Institute, MRG-Effitas, and SE Labs. The labs don’t have infinite resources, so they must carefully consider which products to test. When three or four of them include a given product, you know it’s significant. All the better, of course, if the product earns top scores from those labs.

With its long history, it’s no surprise that Norton’s antivirus engine holds high scores from all four labs. Avast and Microsoft also appear in the latest reports from all four. Surfshark managed a near-perfect score in the latest round of testing by AV-Test, much better than its previous score.

NordVPN Threat Protection is at a disadvantage here. Almost all lab tests involve detecting malware that’s already present on a test system, either by simply recognizing the malware file or by detecting its malicious behavior. Some include an opportunity for blocking malware at the download stage but go on to expect additional layers of protection. We’re not likely to see any antivirus lab test scores for this product unless it adds real-time local malware detection.

That said, NordVPN did receive certification from AV-Comparatives in an unscheduled test dedicated to phishing protection rather than the usual antivirus tests. Fifteen security companies submitted their programs to this test. Eight, NordVPN among them, received certification. With 85% detection, NordVPN just made the cutoff for certification. McAfee Total Protection’s 92% was the highest score on this test.

Download-Specific Malware Protection

The typical antivirus program offers to perform a quick or thorough on-demand scan of your PC, looking for any malware that may be present. Scanning files on any type of access is also common, and most layer on some form of behavioral analysis to detect malware that gets past other types of detection. 

NordVPN Threat Protection does none of these things. It focuses strictly on downloads, checking every page you visit and analyzing every file as it arrives on your computer. That means it won’t detect files that come in through, say, an infected USB drive or malware files that were present before its installation. And if it doesn’t recognize a threat during download, there’s no second chance for it to block malicious behavior.

On the plus side, the app’s developers are proud of their in-house engine. According to Nord, “Threat Protection Pro uses proprietary engines developed by Nord Security—we do not use any third-party software development kits (SDKs). Developing these engines in-house gives us the independence to deliver the products that our customers need.”

(Credit: NordVPN/PCMag)

Our usual malware protection test starts with opening several folders of hand-curated malware samples. Many antivirus utilities start picking off the samples immediately, while others wait until just before each program launches. We had to modify the normal testing regimen to get any reaction from NordVPN, since it doesn’t examine local files at all. It was a simple (though tedious) tweak; we just copied the samples to cloud storage and then downloaded each one.

In every case, the results were clear-cut. Either Threat Protection interrupted the download, labeling it as dangerous, or it did nothing at all. It detected and eliminated 88% of the samples, leaving the other 12% completely untouched. Fortunately, none of the ransomware samples slipped past the detection filter. That performance earned it 8.8 out of 10 possible points.

Typically, this test continues as we launch all the surviving samples, allowing the antivirus to use behavior-based detection, heuristic detection of malware components, and any other weapons in its arsenal. Surfshark One, another VPN with an antivirus component, caught some samples as they tried to launch and nabbed others during initialization, detecting 94% of the samples in one way or another and scoring 9.1 points to NordVPN’s 8.8. Norton Ultra VPN Plus managed a near-perfect 99% detection and 9.8 points, the same as Malwarebytes Premium Security.

Looking beyond VPN/antivirus mashups to standard security suites, a couple of standouts scored even better. Like Norton, Avast One Gold and AVG Internet Security detected 99% of the samples. By blocking every trace of what they detected, both reached 9.9 points, the best score among products tested with the current sample set. Note that among its many features, Avast integrates VPN technology. As a standalone, Avast SecureLine VPN is a decent product but lacks the advanced features found in NordVPN, Surfshark, and other top VPN services.

That basic malware protection test confirms each antivirus product’s ability to recognize and defend against a collection of malware samples that we’ve thoroughly analyzed. However, malware in the real world is always changing and evolving, so we run a separate test using a feed of very recent malware-hosting URLs supplied by London-based lab MRG-Effitas. The goal in this test is to prevent downloading malware, either by diverting the browser away from the source or by recognizing and eliminating the malware payload. It seems like a perfect test for NordVPN, given its focus on identifying dangerous websites and downloads.

(Credit: NordVPN/PCMag)

Out of 100 verified malware-hosting URLs, NordVPN caught over three-quarters at the browser level, replacing the dangerous page with a warning page featuring a stylized ninja-like defender. A full exploration of the page yielded details about the detection, along with an option to mark the page as safe. It caught an additional 22% by detecting malware during download, for a total of 99% protection. 

In its own recent test, Surfshark managed 95% protection, also quite good. Traditionally Norton has done well in this test, but in its latest evaluation it dropped to 92%. Bitdefender, Sophos, and Trend Micro Antivirus+ Security edged out NordVPN with a perfect 100%. Like NordVPN, Guardio focuses its attention on web-based threats rather than local malware—it, too, reached 100%.

Excellent Phishing Detection

Even if a malware gang manages to slide an attack program past all barriers and install it on your system, that program still must contend with any local antivirus protection, as well as the protective features built into the operating system. Creating effective malware is hard. Phishing fraudsters eschew such toil and instead attack the weakest link in the security chain—the user.

A phishing website mimics a sensitive website as perfectly as possible. If you miss the warning signs and log in through the fake site, the phishing gang owns your account. Banking and financial sites are prime targets, but you’ll find all kinds of fakes, from webmail to dating sites to game pages. 

To prepare for our antiphishing test, we scrape reported frauds from websites that track such things. We make sure to include items too new to have hit antiphishing blacklists, along with ones that have been verified as fakes. Next, we set up four browsers, one protected by the antivirus under test and the other three by the protection built into Chrome, Edge, and Firefox. We launch each sample simultaneously in the four browsers and record how each defender handles it. If any of the four throws an error message, that URL goes on the scrap heap. We also toss any that aren’t clearly attempting to steal login credentials. After testing several hundred samples, we check the stats.

In our earlier malicious URL blocking test, NordVPN managed 99% protection. Against phishing frauds, it did even better, reaching 100%. Surfshark also achieved 100% detection in its own recent test, and Norton came close with 97%. Other security defenders that managed 100% detection in their own latest phishing protection test include Guardio, McAfee, Trend Micro, and the phishing-focused Norton Genie.

Checking for Vulnerable Components and Apps

Hackers continually tinker with operating systems and popular apps, looking for security holes to exploit. Security companies, on the other hand, spend their time patching these holes. During the time between discovery and patch, your system is potentially exposed. Like many antivirus tools, NordVPN works to minimize that window of danger by checking for vulnerable apps multiple times per day.

(Credit: NordVPN/PCMag)

On our test system, the vulnerability scan reported no findings, meaning that everything was up to date. That was surprising, as we deliberately keep Chrome and Firefox a version or two behind for testing purposes. A simple version check confirmed that these two needed an update. 

When NordVPN detects an app with a missing security patch, it simply advises you to go and manually run an update. Other security apps automate the process to varying extents. With Norton’s Software Updater component, present in Norton 360 Deluxe but not in Norton Ultra VPN Plus, you simply click a button to apply any missing patches. Avast One Gold goes even further, with an option to automatically apply all needed patches as soon as they’re discovered.

Additional Threat Protection Pro Features

Below the web protection icon on the Threat Protection Pro page, you’ll find a link titled View activity and customize. Clicking that brings you to the web protection settings page. Here, you’ll find a few more features beyond the big three already mentioned: scam detection, web tracker blocker, ad blocker, URL trimmer, and search results safety indicator. The URL trimmer merely removes unnecessary parameters like tracking code from the URLs your browser visits; the others have a little more meat to them.

(Credit: NordVPN/PCMag)

Scam detection warns you if the site you are visiting has a reputation for tricking people into buying fake or non-existent products. When it triggers, it displays the site in a panel inside a warning page. This is an uncommon feature, though Norton’s browser safety features include scam detection, and Bitdefender’s safety features flag a wide variety of fraud types.

Every time you visit a web page, your browser sends along a surprising amount of information to help the site provide you with the best experience. That information also goes to every third-party advertisement and tracker present on that page. By aggregating information from third-party elements on multiple websites, trackers can build up a detailed profile of your interests, a profile they can use to shape your experience. Even ads that aren’t involved in tracking can be annoying. NordVPN aims to prevent this kind of tracking and protect you from irksome ads.

(Credit: NordVPN/PCMag)

Like ExpressVPN, Windscribe, Proton VPN, and many others, NordVPN includes the heavy-handed ability to block known ad and tracker sites at the DNS level. Threat Protection Pro expands this protection with high-level ad and tracker blocking, a common feature in security suites and antivirus products. Bitdefender and Avira Free Security are among the many that handle this task using a browser extension. Typically, the extension’s toolbar button displays the number of trackers on the current page, with an option to click for more detailed information and control. 

NordVPN doesn’t report the number of ads in its toolbar button. It doesn’t log blocked items and doesn’t provide any easy way to fine-tune just what trackers get blocked. However, we could easily see it in action by opening an ad-infested page on two systems, one with NordVPN active and one without.

(Credit: NordVPN/PCMag)

Like Norton, Bitdefender, and others, NordVPN Threat Protection checks results from popular search engines and marks any that it finds to be dangerous. Norton takes the process a step further by offering a full report on any site, but NordVPN handles the basic task of guiding you away from dangerous search results well enough.

NordVPN Speed and Performance

Using a VPN can affect your download speeds, upload speeds, and connection latency. To get a sense of how great an impact a VPN has, we conduct a series of speed tests using a custom Ookla Speedtest tool built expressly for our benchmarking purposes. We explain our methodology in how we test VPNs. (Note: Ookla is owned by Ziff Davis, PCMag.com’s parent company. For more, see the ethics policy in our Editorial Mission Statement.)

In our latest runs, we found NordVPN reduced download speed test results by only 9.6%—the sixth-best score we’ve seen—and upload speed test results by 26.27%. Our latency results went up by 11.84% during the same run. These results are overall quite good, but do represent a drop from the last time we tested the service earlier this year, which only reduced our download speeds by 0.9%. This moves the service from the fastest we’ve tested to date down to its new place in the chart seen below:

You can find a full breakdown of our speed test results in our story on the fastest VPNs. That said, speed shouldn’t be the only criteria you use when choosing a VPN. Value, ease of use, and commitment to privacy are more important factors. 

Hands On With NordVPN for Other Platforms

We tested NordVPN on several of the other platforms the company has made the service available on, including iOS, Android, ChromeOS, and macOS. This doesn’t encompass the full list of compatible devices, though, which also includes Linux, browser extensions for Firefox/Chrome/Edge/Safari, and the option to either install NordVPN on your own router or purchase a preconfigured option directly from the company’s website.

(Credit: NordVPN/PCMag)

To get a sense of the mobile experience, we’re focusing on NordVPN on the iPhone. NordVPN’s iOS app is notable in its simplicity; after logging in and agreeing to give access to your Apple Keychain, you can quickly connect to any of NordVPN’s many servers around the globe. If you want a bit more control over your experience, you can scroll through the list of countries at the bottom of the app window, choose a country, and open a drop-down menu that reveals a list of all the servers in that country.

The iOS app offers access to either the NordLynx or OpenVPN protocols, but depending on your device, that list may change. Check out Nord’s website for a full breakdown of the supported protocols and features on your preferred device.

Does NordVPN Work With Netflix?

The majority of streaming services in operation today use some form of geo-restriction when it comes to what you can and can’t see on their sites. For example, while some shows like The Office are only available on Peacock in the United States, you’d have no issues watching the full series on Netflix in the UK due to local licensing deals with the major studios. The best VPNs we test can easily circumvent these blocks, allowing you to take a plane from NYC to London without ever missing an episode.

Given Nord’s status in the industry, it wasn’t surprising that we could access the entire Netflix library in an Open format when connected to all five servers we tested on NordVPN, including Canada, Japan, the UK, the US, and Australia. You can read more about how we qualify the Open format in our guide on how to unblock Netflix with a VPN, and check out the full results of our streaming service testing in the chart above.

Verdict: The Best Premium VPN Experience

NordVPN faces the stiffest competition the VPN industry has ever seen in 2024. Services like Mullvad VPN and IVPN drastically undercut NordVPN on price, while Proton VPN offers nearly all the same VPN features for less. Surfshark VPN and TunnelBear VPN, meanwhile, do not limit your number of simultaneous connections.

As for its new features, NordVPN doesn’t claim that Threat Protection Pro is a complete antivirus. In particular, it lacks the expected on-demand scanning and checking of local files. Even when we modified our malware blocking test to accommodate its quirks, it didn’t earn a great score.

What makes NordVPN stand out is that it has continued to grow and respond to an extremely competitive market. After adding just about every VPN feature available, NordVPN diversified its product, adding a password manager, an antivirus, and an encrypted file locker. Its unique set of features helps it stand out from other VPN services by providing cross-platform file-sharing and traffic routing between your devices or rented servers. All these additions help NordVPN justify its high price. So, while it is more expensive than much of the competition, NordVPN is an excellent, innovative product that is well deserving of our Editors’ Choice award.

Max Eddy contributed to this review.