Cloning your site is just another level in fix wordpress malware cleanup that may be very useful. Cloning simply means that you've backed up your site to a totally different location, (offline, as in a folder, in order to not have SEO problems) where you can access it in a moment's notice if the need arises.
Also, don't make the mistake of believing that your web host will have your back so far as WordPress copies go. Not always. It's been my experience that the hosting company may or may not be doing proper backups, while they say that they do. Take that kind of chance?
There's a section of config-sample.php that is headed"Authentication Unique Keys." There are. A hyperlink is within that part of code. You want to enter that link into your browser, copy the contents that you get back, and replace the keys you have with the unique, pseudo-random keys offered by the website. This makes it harder for attackers to automatically generate a"logged-in" cookie for your website.
So what's the best way? Out of all of the choices that are available today, which one is right for you personally and which path should you choose?
Oh . And incidentally, I talked about plugins. Make sure it's a safe one, when you get a new plugin. Do not install any plugin because the owner is saying that plugin will allow you to do this or that. Maybe use get a software engineer to examine it carefully, or perhaps a test blog to check the plugin. This way you'll know it is not a threat for you click for more info or your business.