Cloning your site is just another level in fix wordpress malware scanner which may be very useful. Cloning simply means that you've backed up your site to a totally different location, (offline, as in a folder, so as to not have SEO issues ) where you can access it at a moment's notice if the need arises.
I protect an access to important files on helpful resources the site's server by putting an index.html file in the particular directory, that hides the files from public view.
Keep your WordPress Setup to date - One of the simplest and most valuable tasks you can do yourself is to make sure your WordPress installation is upgraded. WordPress gives you a notice in your dashboard, so there is really no reason.
It's really sexy try this site to fan the flames of fear. That is what journalists and bloggers and politicians and public figures do. It's great for readership and it brings money into the war chests. Balderdash.
Oh . And by the way, I was talking about plugins. Make sure it's a safe one when you get a new plugin. Do not install any plugin simply because the owner is saying that plugin can allow you to do that or this. Use maybe, or a test blog to check the plugin get a software engineer to examine it. This way you'll know it is not a threat for you or your organization.