I've got the latest version of WP-Firewall 2 and the latest version of WP. I'm using Cart66 and getting the following email alert:
WordPress Firewall has detected and blocked a potential attack!
Web Page: $offending_url
Warning: URL may contain dangerous content!
Offending IP: 188.8.131.52 - http://ip-lookup.net/?ip=184.108.40.206
Offending Parameter: Cart66SID = BYW2OPH90XAEX0KMM8ZW3AGEEP2IELJ8EX3L5Y2S
This may be a "WordPress-Specific SQL Injection Attack."
I've whitelisted the parameter, turned off the emails, and even left the email address field blank (to receive alerts). However, WP-Firewall 2 remembers my old email address and keeps sending thousands of alerts anyway. Any help?