Try this:
<FilesMatch wp-login.php>
Order Allow,Deny
Allow from XXX.XX.XXX
</FilesMatch>

You can try something like this inside your main .htaccess:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^111\.111\.111\.111$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>

This will block access to wp-admin and wp-login unless IP matches.