As of today, WordPress is powering 48 of the blogs on the Internet. Aside from that, WP is also powering 19% of the web as a whole. It means that a lot of people trust WordPress when they want creation of sites and blogs.
Cloning your site is just another level in fix wordpress malware attack which can be very useful. Cloning simply means that you've backed up your site to a completely different place, (offline, as in a folder, so as not to have SEO issues ) where you can get it at a moment's notice if the need arises.
Truth is, if your site is targeted by a master of the script, there is no way. Everything you are about to read below are a few precautionary measures you can take to quickly minimize the risk to an acceptable degree. Odds are a hacker would prefer next choosing easier victim, another if your WordPress site is protected.
Move your wp-config.php file up one directory from the WordPress root. WordPress will look for it there if it can't be found in the root directory. Additionally, nobody else will have the ability to read the file unless they have FTP or SSH access.
Black and whitelists phrases based on which field they appear inside. (unknown/numeric parameters vs. known post bodies, remark bodies, etc.).
However, I recommend that you install the Login LockDown plugin as opposed to any.htaccess controls. That will stops login requests from being permitted from a specific IP-ADDRESS for an hour or so after three unsuccessful login attempts. It is still possible to access your admin cell while from your workplace, and yet you have good protection against hackers, if you accomplish this.