Cloning your site is just another degree in fix malware problem that may be very useful. Cloning simply means that you've backed up your website to a totally different place, (offline, as in a folder, so as to not have SEO problems) where you can get it at a moment's notice if necessary.
You can search for software that will backup your files and database. If hackers suddenly hack your site, you can restore your website with the use of your files and change.
This is quite handy plugin, protecting you against brute-force attacks that are password-crack. It keeps track of the IP address of every failed login attempt. You can configure the plugin to disable login attempts when a certain number of attempts is reached.
Note that this last step for new installations should only try. You need to change all of the table names inside the database if you might like to do it for existing installations.
There is another problem you have with WordPress. People always know where they can login and they also could drop by with your login form and try a different combination of passwords and user accounts outside. In order to prevent this from happening you need to set up Login Lockdown. It is a plugin that only lets users attempt and login with a wrong password three times. Read More Here Following that the IP address will be banned from the server for a certain amount of time.