True, more plugins increase the attack vector. However, this looks to be a helper plugin similar to LSCache plugin for Litespeed Caching. Which is required to integrate with WordPress, so it's a good thing they have a proper integration with WordPress.

No, I have not used it with GridPane.

Overall it looks superior to the current 6/7G firewall and even Modsec because it's crowd-sourcing intelligence data and is opensource and free to use. However, 7/6G and Modsec still offer great static rules and could be used in conjunction with a bit of tweaking.

I don't see a future for 6/7G because it's static, rarely updated, and requires care and feeding to ensure false positives aren't blocked. Oh, and the care and feeding is a technical penalty as you have to craft a workaround or search for one created by someone else.

The overall goal is a balance of ease to implement and manage while blocking most attacks (say 90%). This is great for smaller/medium traffic sites, and for larger, you will need to get to 95%+

Modsec is EOL 2024, and the coreruleset.org team is moving to Corza, which doesn't have support for Nginx yet https://coreruleset.org/20211222/talking-about-modsecurity-and-the-new-coraza-waf/

You can read more about Corza here https://coraza.io/

So what's left? Crowdsec, Corza or a Cloud WAF such as Cloudflare.

I'm all in Cloudflare, simply due to the continued improvements of their technology and services and ease of management.

I try to limit my care and feeding time so that I can focus my time on more essential tasks which I'm sure everyone can agree on.