Year and a half taught us that WordPress security shouldn't be dismissed by any means. Between 15% and 20% of the planet's high traffic sites are powered by WordPress. The fact that it is an Open Source platform and everyone has access to its Source Code makes it a tempting prey for hackers.
Cloning your site is just another degree in fix wordpress malware scanner which may be very useful. Cloning simply means that you have backed up your site to a completely different place, (offline, as in a folder, so as not to have SEO issues ) where you can access it at a moment's notice if necessary.
An easy way to keep WordPress safe would be to use a few tools. First of all, do not allow people run a web host security scan, to list the files in your folders and automatically backup your web hosting account.
You also need to place the"Anyone Can Register" in Settings/General to away, and you should have some sort of spam plugin. Akismet is the old standby, the one I use, this website but there are many of them nowadays.
It is really sexy to fan the flames of fear. That's what journalists and bloggers and politicians and public figures do. It's great for readership and it brings money. Balderdash.
Oh . And incidentally, I was talking about plugins. When you get a new plugin, make sure it's a safe one. Do not install any plugin just because the owner is saying that plugin will allow you to do this or that. Maybe use perhaps, or a test site to look at the plugin get a software engineer to analyze it carefully. This way isn't a threat for your organization or you.