You may well have heard all the buzz online about the attacks on WordPress security. Unfortunately this is no joke, and it needs to be taken very seriously, or all you've built could be hijacked or worse, lost to you.
Cloning your website is another level in fix wordpress malware cleanup that can be useful. Cloning simply means that you have backed up your website to a totally different place, (offline, as in a folder, in order to not have SEO problems) where you can get it in a moment's notice if the need arises.
I protect an access to important files on the blog's server by placing an index.html file in the particular directory, that hides the files from public view.
Yes, you need to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More. Definitely more if you make regular additions and changes to your website. If you make changes multiple times every day, or have a community of people that are in there all the time, a daily backup should be a minimum.
Can you see that folder Imagine if you go to WP-Content/plugins? If so, upload that blank Index.html file into that folder as well so people can't see what plugins you the original source might have. Because even if your current version of WordPress is current, if you are using an old plugin or a plugin using a security hole, someone can use that to get access.
Oh . And incidentally, I talked about plugins. When you get a plugin, make sure it's a safe one. Do not install any plugin simply because the owner is saying that plugin will allow you to do that or this. Use a test blog to look at the plugin, or maybe get a software engineer to examine it. This way you'll know it isn't a threat for your organization or you.