Cloning your site is just another level in how to fix hacked wordpress site that can be useful. Cloning simply means that you have backed up your website to a completely different place, (offline, as in a folder, in order not to have SEO issues ) where you can access it in a moment's notice if necessary.
The stronger approach, and the one I personally recommend, is to use one of the creation and storage plugins available for your browser. I think after a trial period, you have to pay for it, although Lots of people like RoboForm. I use the free version of Lastpass, and I recommend it for those who use Firefox or Internet Explorer. That will generate passwords for you; you then use one master password to log in.
You should also place the"Anyone Can Register" in Settings/General to off, and you read this ought to have some sort of spam plugin. Akismet is the old standby, the one I use, but there are my latest blog post lots of them nowadays.
So what's the best way? Out of all the possible choices that are available right now, which one is appropriate for you personally and which route should you choose?
Oh . And incidentally, I was talking about plugins. When you get a new plugin, make sure it's a safe one. Don't install any plugin because the owner is saying that plugin can help you do this or that. Maybe use get a software engineer to examine it, or maybe a test site to look at the plugin. This way you'll know it isn't a threat for you or your organization.