I have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
Cloning your site is just another degree in clean hacked wordpress site that may be useful. Cloning simply means that you've backed up your website to a completely different location, (offline, as in a folder, in order to not have SEO issues ) where you can get it at a moment's notice if the need arises.
Essentially, it will start with the basics. Try to use complex passwords. Use numbers, letters, special characters, and spaces and combine them to make a password. You could also use usernames that are not obvious.
This is quite useful plugin, protecting you against brute-force attacks that are password-crack. It keeps track of the IP address of every failed login attempt. You can configure the plugin to disable login attempts when a certain number of failed attempts is reached.
Now we are getting into things specific to WordPress. Whenever you install WordPress, you have to edit the document config-sample.php and rename it to config.php. You want to install the database details there.
Using a plugin for WordPress security only makes sense. Backups will website link need to be performed on a regular basis. Do not become a victim as a result of not being proactive!