Cloning your site is just another level in fix wordpress malware protection which may be very useful. Cloning simply means that you've backed up your site to a totally different location, (offline, as in a folder, so as to not have SEO problems) where you can get it at a moment's notice if necessary.
Don't depend on your internet host - Many men and women depend on their web host to"do all that technical stuff for me", not realizing that sometimesthey do not! Far better to have the responsibility lie with you, instead of out of your control.
You should also place the"Anyone Can Register" in Settings/General to away, and you ought to have some sort of spam plugin. Akismet is the old standby, the one I use, but there are lots of them nowadays.
Now we're getting into things. You have to rename it to config.php and alter the file config-sample.php, when you install WordPress. You need to set up the database facts there.
However, I advise that you install the Login LockDown plugin as opposed to any.htaccess controls. That will stops login requests from being my response allowed from a for an hour or so after three failed login attempts. If you accomplish that, you can still access your cell while from your workplace, and yet you still have protection against hackers.