Year and a half taught us that WordPress security shouldn't be taken lightly by any means. Between 15% and 20% of the world's high traffic websites are powered by WordPress. The fact that it is an Open Source platform and everybody has access to its Source Code makes it a tempting prey for hackers.
Cloning your site is just another degree in fix wordpress malware cleanup that can be useful. Cloning simply means that you have backed up your website to a completely different location, (offline, as in a folder, so as to not have SEO issues ) where you can get it at a moment's notice if the need arises.
There are many ways to pull off this, and a lot involve re-establishing more and databases and FTPing files, exporting and copying. Some of them see this site are very complex, so it is important that you go for the one that is best. Then you may want to check into using a plugin for WordPress backups if you are not of the technical persuasion.
Move your wp-config.php file one directory up from the WordPress root. WordPress will search for it if it cannot be found in website repair denver the main directory. Also, nobody else will be able to read the file unless they have FTP or SSH access to your server.
Whitelists phrases and black based on which field they look inside, in a page request. (unknown/numeric parameters vs. known article bodies, comment bodies, etc.).
Do your homework and some hunting, but if you're pressed for time and need to get this done once and for all, try the WordPress safety plugin that I use. It visit the site is a relief to know that my website (and business!) are secure.