Cloning your site is just another level in fix hacked wordpress database that may be useful. Cloning simply means that you've backed up your site to a completely different place, (offline, as in a folder, so as not to have SEO problems) where you can access it at a moment's notice if the need arises.
Also, don't make the mistake of thinking that your web host will have your back so far as WordPress backups go. Not always. It's been my experience that the hosting company may or may not be doing proper backups, while they say they do. Why take that kind of navigate to these guys chance?
Recently, the blog posted a fake news article and of Reuters was hacked by an unknown hacker. Their reputation is already ruined because of what the hacker did, since Reuters is a news site. The same thing may happen to you if you don't pay attention.
As I (our untrue Joe the Hacker) know, people have far too many usernames and passwords to remember. You've got Twitter, Facebook, your online banking, LinkedIn, two site logins, FTP, web hosting, etc. accounts that all come with logins and passwords you need to remember.
Oh . And incidentally, I talked about plugins. When you get a new plugin, make sure it's a safe one. Do not install any plugin just because the owner is saying that plugin can help you do this or that. Use perhaps, or a test blog to check the plugin get a software engineer to examine it carefully. This way you'll know it isn't a threat for your organization or you.