After reading through some other users comments, as well as the Wordfence blog, I noticed that this issue was supposedly addressed in an update earlier this year - having the Wordpress index.php file at the root level, while all other Wordpress files are in a subfolder.
However I don't recall seeing any option to specify this within Wordfence. Does it just auto detect it? And if so, does it write to both .htaccess files at the root level and in the subfolder? Or is it supposed to only be one or the other?
Also, I am currently using Bluehost, which has "mod_cloudflare" already installed and enabled. This is supposed to take care of the IP address issue, and pass along the real visitor IP address. If this is running, do we still need to choose the "Cloudflare" option within Wordfence? Is this redundant and/or would this possibly cause problems?