How to use BPS htaccess code for daily brute force login attacks

WordPress 4.4.2 running Delicate theme.

legalcafe.com is a subdomain pointing to a directory on our main site legalgrind.com. Our host is powweb.com. We have activated the BPS Brute Force Login plugin and are getting daily alerts. The most common solution appears to allow only a certain IP address to access the admin.

My problem is that I am not a programmer (I only know html and css) and need things simplified. First this is the code they recommend adding.

# Protect wp-login.php from Brute Force Login Attacks based on IP Address
<FilesMatch "^(wp-login\.php)">
Order Allow,Deny
# Add your Public IP Address using 2 or 3 octets so that if/when
# your IP address changes it will still be in your subnet range. If you
# have a static IP address then use all 4 octets.
# Examples: 2 octets: 65.100. 3 octets: 65.100.50. 4 octets: 65.100.50.1
Allow from 65.100.50.
</FilesMatch>

My questions are:
What IP do I use, my own personal computer’s IP or the host’s IP?
What file does this go on and where on the file?
What should be stripped from above code and what is really needed? For example do I just remove the comments?