Cloning your website is just another degree in fix hacked wordpress database which may be very useful. Cloning simply means that you have backed up your site to a totally different place, (offline, as in a folder, in order not to have SEO issues ) where you can get it in a moment's notice if the need arises.
The one I recommend, and the approach, is to use one of the password generation and storage plugins available for your browser. People like RoboForm, but I think after a free trial period, you have to pay for it. I use the free version of Lastpass, and I recommend it for those who use Firefox or Internet Explorer. That will generate passwords for you.
While it's an odd look at this website term, it represents a task: making a WordPress backup of your site to work on offline, or in the event something should go amiss. We are not only being obsessive-compulsive here: servers go down every day, despite their promises of 99.9% uptime, and if you've had this happen to this article you, you understand the fear is it can cause.
If you're not running the latest version of WordPress, upgrade. Similar to keeping your door unlocked when you leave for vacation, leaving your site is.
There is. People know additionally they could just visit your login form and where they can login and try outside a different combination of user accounts and passwords. So as to stop this from happening you need to set up Login Lockdown. It's a plugin that lets users try and login with a password three times. After that additional resources the IP address will be banned from the server for a specific amount of time.