I just use the All in one and akismet here in this install, in true i have after not follow testing with wordfence. But the code is standalone like all the rest, should work fine, will cause nothing to your install in any case.
The session keys countermeasure is important because things works with cookies values, a script could be created to present many times different values to try to guess the right phpBB session presented via this plugin code to wordpress. To avoid this as explained into the linked post, the code do the follow:
if a fake session presented via cookie then it will be treated as brute force attack, and the code fire a fake/failed login on background, so if you install a plugin that block a login for an user, if after tot times it do not match a password, the plugin will recognize a failed login. The user will be redirected to wp login page. Anyway, even if you do not install a strike system login, until a valid login is not recognized, simply the integration plugin will refuse to execute unwanted code, making the attack not a problem for what concern the integration plugin. But a default wordpress still will be exposed. Even if to guess a random string that is rand about length and chars that presents millions of millions of combinations is very very hard, better to sleep well and secure at night time.
The logged in user (of the may same attacked account) will not be affected any way by the session brute force plugin's countermeasure option.
Try to install Word Fence if you prefer it and test things, may report if you find any problem, so we can resolve making the plugin more compatible with more plugins, but as said all should work fine. And remember you can always momentary disable the plugin if anything goes wrong.
What you want to stay secure, leaving register/login wp side is:
enable the session bruteforce countermeasure into integration plugin admin
enable at least a firewall strike system that block logins when done more then 3 or 5 times, allowing to reset logins via email to users
may enable a recaptcha for registration page, or something that not allow fake accounts to be registered
that's are common security measures applied everywhere
phpBB come already with several protections that you may already know, whenever you let login or register users into phpBB side