A half and last year educated us that WordPress security shouldn't be dismissed by any means. Between 15% and 20% of the planet's high traffic websites are powered by WordPress. The fact it is an Open Source platform and everyone has access to its Source Code makes it a prey for hackers.
Cloning your website is just another level in clean hacked wordpress site which may be useful. Cloning simply means that you have backed up your website to a completely different place, (offline, as in a folder, in order to not have SEO issues ) where you can get it at a moment's notice if necessary.
Strong passwords - Do your best to use a password, alpha-numeric. Easy to remember passwords are also easy to guess!
Recently, an unknown hacker murdered the site read review of Reuters and posted a news article. Their reputation is already ruined because of what the hacker did, since Reuters is a news site. The same thing may happen to you if you do not pay attention.
As I (our untrue Joe the Hacker) know, people have way too many usernames and passwords to remember. You've got Twitter, Facebook, your online banking, LinkedIn, two site logins, FTP, internet hosting, etc. accounts which all come with logins and passwords you need to remember.
Oh . And incidentally, I talked about plugins. Make sure it's a secure one when you get a new plugin. Do not install any plugin simply because the owner is saying on his website that plugin can help you do this Full Article or that. Use maybe, or a test site to check the plugin get a software engineer to analyze it carefully. This way you'll know it isn't a threat for you or your business.