Okay, you got me: WordPress security isn't the sexiest way to spend your time, but it could end up being one of the most profitable! Nothing is more caustic to the lining of your stomach than having your site go down, and wondering whether or not you've lost it all.
Cloning your site is just another degree in how to fix hacked wordpress which can be very useful. Cloning simply means that you have backed up your website to a completely different place, (offline, as in a folder, so as to not have SEO problems) where you can access it in a moment's notice if necessary.
This is fantastic news as it means that there is a strong community of developers and users that could enhance the platform. However there is a group there will always be people who will try to take down them.
You also need to place the"Anyone Can Register" in Settings/General to off, and you should have some sort of spam plugin. Akismet is the one I use, the old standby, but there are many of them nowadays.
Imagine if you go to WP-Content/plugins, can you view that folder? If so, upload that blank More Bonuses Index.html file into that folder as well so people can't view what plugins you have. Because even if your version of WordPress is up to date, if you are using a plugin or an old plugin with a security hole, then someone can use this to get access.
There is another problem you have with WordPress. People know they also could just drop by with your login form and where they can login and try out a different combination of passwords and user accounts. In order to prevent this from happening you need to install Login Lockdown. It is a plugin that only lets users try and login with a wrong password three times. Following that the IP address will be click for info banned from the server for a certain timeframe.