Prepare allows you to dynamically build SQL with CONCAT then return or execute SQL.
CREATE PROCEDURE `wp_winners`(getBy VARCHAR(10), intervalType CHAR(10), intervalLength INT)
BEGIN
-- getBy = location or provider
-- intervalType = day, week, month
-- intervalLength = integer
DECLARE theSQL VARCHAR(4000);
DECLARE intType VARCHAR(10) DEFAULT 'day';
SET theSQL = CONCAT('SELECT DATE(NOW() - INTERVAL ', intervalLength, ' ',
intervalType, ') AS from_date, DATE(NOW()) AS to_date, ',
'SUM(hits) AS attempts, location, provider FROM wordpress_failed_logins ',
'WHERE DATE(date_added) >= DATE(NOW() - INTERVAL ', intervalLength, ' ',
intervalType, ') AND hits > 5 GROUP BY provider ORDER BY SUM(hits) DESC;');
SET @theSQL = theSQL;
PREPARE runSQL FROM @theSQL;
EXECUTE runSQL;
DEALLOCATE PREPARE runSQL;
END