In Wordfence you could also select the option under "How does Wordfence get IP's" to use the CF-Connecting IP header. This is on your Wordfence options page towards the top.
Maybe damon can confirm that CF is still sending that header.
But I agree that if you are using cloudflare, you really want to either install their plugin or I think they also have an apache module that will make sure your WP install sees the correct IP's and will disallow any other IP's from connecting which saves you from getting attacked by someone just going around their reverse proxy.
Regards,
Mark.