Cloning your site is just another degree in fix wordpress malware fix which may be useful. Cloning simply means that you have backed up your site to a completely different location, (offline, as in a folder, in order not to have SEO issues ) where you can access it at a moment's notice if the need arises.
I protect an access to important files on the blog's server by putting an index.html file in the particular directory, which hides the files out of public view.
Exploit Scanner goes through the files on your website comment database and post tables. You are also notified by Bonuses it for odd plugin names. It doesn't remove anything, it warns you for possible threats.
Note that this step for setups should try. If you would like to do it you need to change all of the table names within the database.
There are always going to be risks being online (or even just being alive!) Also it's easy to get caught up in the fear. We often put the breaks on As soon as we additional info get caught up in the panic. This isn't a reaction that is good. Take some common sense precautions, then forge ahead. If something bad does happen, it will have to be addressed then and no amount of quaking in your will have helped. All is good, if websites nothing does and you have not made yourself ill.