There are better ways to block brute force attacks against Wordpress (mod_security, carpet bombing), but if your host provider goes the .htaccess route then here are a couple of caveats to be mindful of.
First, pay attention to the order of statements. This
Allow from XX.XXX.XXX.X
Deny from all
won't work like you expect. You need to put the Allow statement at the end. In addition, there can be no space between
or again it will fail to work.
Using .htaccess can mitigate some small attacks, but it can quickly be overwhelmed so don't expect miracles. Sometimes you have to ride it out or employ other more drastic solutions (Special Forces, anthrax).