Just sharing this in case someone else happens to run into this.
I'm using Limit Login Attempts along side WebsiteDefender WordPress Security and ran into a minor issue. WDWS removes login error message and changes the style setting so the error box or message don't display at all.
Honestly, I'm torn between the security of having no login error messages displayed (so no potential hacker gets info), and having my users go insane not knowing why they can't log in.
For now I've changed a single setting on one of WDWS's stylesheets (acx-styles-extra.css) so the login error form does display. However, WDWS still removes the error message for regular login failures, so the error box shows up but has no message. However, LLA messages come in a different way (or don't call whatever wp login error message hook) so they still show up. Not the most user friendly, but I'm good with that for now.