Cloning your site is just another degree in how to fix hacked wordpress site that may be very useful. Cloning simply means that you've backed up your website to a completely different location, (offline, as in a folder, in order to not have SEO problems) where you can get it in a moment's notice if necessary.
Safeguard your login credentials - Don't keep your login credentials where a hacker could locate them. Store them off, and even offline. Roboform is for protecting them good . Food for thought!
There's a section of config-sample.php that is headed"Authentication Unique Keys." There are. There is a hyperlink within that section of code. You need dig this to enter that link in your browser, copy the contents that you return, and replace the keys you have with the unique, pseudo-random keys provided by the website. This makes it harder for attackers to automatically generate a"logged-in" cookie for your website.
Now we're getting into matters specific to WordPress. Whenever you install WordPress, you need to edit the document config-sample.php and rename it to config.php. You want to install the database details there.
Do your homework and some hunting, but if you are pressed for time and need to get this done once and for all, try out the WordPress security plugin that I use. It's a relief see to know that my site (and business!) are secure.