Cloning your site is just another level in fix malware problems free which can be very useful. Cloning simply means that you have backed up your site to a totally different place, (offline, as in a folder, so as to not have SEO issues ) where you can get it in a moment's notice if necessary.
I protect an access to important files on the site's server by placing an index.html file in the particular directory, that hides the files from public view.
1 step you can take is to delete the default administrator account. This is critical because if you do not do it, malicious user already know a user name that they could try to crack.
You can also create Continued a firewall that blocks hackers from infiltrating your blogs. The hacker is prevented by the firewall from coming to your files. You also have to have version of Apache. Upgrade your PHP. It's important that your system is filled with upgrades.
Do your homework and some hunting, but if you're pressed for time and want to get this try the WordPress security plugin that I use. It's a relief to know that my site (and company!) are secure.