I have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
Cloning your site is just another level in fix wordpress malware fix which may be very useful. Cloning simply means that you have backed up your website to a completely different place, (offline, as in a folder, so as to not have SEO problems) where you can get it at a moment's notice if the need arises.
It will start with the fundamentals. Attempt to use complex passwords. Use letters, numbers, special official source characters, and spaces and combine them to create a password that find out is special. You could use usernames that aren't obvious.
Exploit Scanner goes in search of anything suspicious through the files on your website post, comment and database tables. Additionally, it notifies you for plugin names. It doesn't remove anything, it simply warns you.
Another step to take to make WordPress more secure is to always upgrade WordPress. The main reason for this is that there also come fixes for old security holes Find Out More which makes it essential to upgrade.
However, I advise that you set up the Login LockDown plugin rather than any.htaccess controls. Login requests will be stopped by that from being allowed from a specific IP-ADDRESS for an hour or so after three unsuccessful login attempts. If you accomplish this, it is still possible to access your cell while and yet you have good protection against hackers.