Cloning your site is just another degree in fix wordpress malware that can be useful. Cloning simply means that you have backed up your website to a completely different place, (offline, as in a folder, so as to not have SEO problems) where you can access it in a moment's notice if the need arises.
Also, don't make the mistake of thinking that your hosting company will have your back so far as WordPress copies go. Not always. It has been my experience that the company may or may not be doing proper backups while they say they do. Take that kind of chance?
Recently, the site posted a fake news article and of Reuters was murdered by an unknown hacker. Their reputation is ruined due to what the hacker did, since Reuters is a news website. If you do not pay attention on the safety of your WordPress 20, the same thing may happen to you.
Can you see that folder Imagine if you go to WP-Content/plugins? If so, upload that blank Index.html file inside that folder as well so Visit Your URL people can't see what plugins you have. Because if your version of WordPress is up to date, if you're using an old plugin or a plugin using a security hole, someone can use this to get access.
Do your homework and some hunting, but if you are pressed for time and want to get this try the WordPress safety plugin that I use. It's a relief to know that my site (and business!) are secure.