Cloning your website is just another degree in rename your login url to secure your wordpress website that can be useful. Cloning simply means that you have backed up your website to a completely different location, (offline, as in a folder, so as to not have SEO problems) where you can get it in a moment's notice if necessary.
Safeguard your login credentials Going Here - Don't keep your login credentials where they might be found by a hacker. Store them off, and even offline. Roboform is for protecting them good . Food for thought!
Is to delete the default administrator account. This is important because if you don't do it, malicious user already know a user name that they could try to crack.
Install the WordPress Firewall Plugin. This plugin investigates web requests to identify and prevent obvious attacks.
Do your homework and some hunting, but if you are pressed for time and want to get this done once and for all, try the WordPress safety plugin that I use. It is a relief to know that my website (and company!) are secure.