Someone seems to be attempting to get into my WP –

It's been heavily attacked since this afternoon, I've started banning IPs and adding some 'usernames' into the restricted area to slow it down but it's constantly happening.

I've ran the IP through traceip and it comes out Cloudflare – now I'm using Cloudflare myself, is that a false report? Any chance someone could review my logs?