If you have a WordPress blog or website, WordPress security must be an issue for you. I'm sure you must have heard about hackers attacking blogs and websites of other people. The damage done by them can be enormous, especially when the particular blog was high page ranked, displaying high in search engines and profitable. It is not the only type of websites attacked by hackers. The reasoning behind their acts can't be explained as logical. They will destroy it for fun. I know stories of people who one day, instead of their website saw a short note informing them that their website has been blocked by Google due to the thread it carries to other internet users. It was a result of hacker attack, who made changes to the website.
Cloning your website is another degree in fix wordpress malware fix which can be useful. Cloning simply means that you've backed up your site to a completely different place, (offline, as in a folder, so as to not have SEO problems) where you can get it in a moment's notice if necessary.
Also, don't make the mistake of thinking that your hosting company will have your back as far as WordPress backups go. Not always. While they say they do, it has been my experience that the hosting company may or might not be doing backups. Take that kind of chance?
This is quite useful plugin, protecting you against brute-force attacks that are password-crack. It keeps track of the IP address of every failed login attempt. You can configure the plugin to disable login attempts for a range of IP addresses when a certain number of failed attempts content is reached.
You can even get an SSL Encyption Security to your WordPress blogs. The SSL Security makes encrypted and secure communications with your blog. So that all transactions are listed, you can even keep history of communication and the all the cookies. Make sure all your sites get SSL security for maximum protection from hackers.
Don't use wp_ as a prefix for your own databases. Web hosting providers are removing that default but if yours does not, fix wp_ to anything but that.