What is WordPress cloning and why is it a very useful tool? Most people think this is a shady technique for duplicating sites to garner more link traffic and love, and while that may have been accurate (and useful!) This is an entirely different endeavor.
I back my blogs using a free plugin WP DB Backup up. If anything happens I will restore my blog. I use WP Security Scan free plugin to scan my blog frequently and WordPress Firewall to block requests that are suspicious-looking to fix wordpress malware.
The approach, and the one I recommend, is to use one of the creation and storage plugins available on your browser. I think after a trial period, you need to pay for it, although RoboForm is liked by people. I use the free version of Lastpass, and I recommend it for those of you who use Internet Explorer or Firefox. That will generate secure passwords for you.
Move your wp-config.php file up one directory from the WordPress root. WordPress will search for it there if it can't be found in the root directory. Also, nobody will be able to read the document unless they have FTP or SSH access.
You may extend the plugin features with premium plugins such as: Amazon S3 plugin, Members only plugin, DropShop etc.. I think you can use it for free and this plugin is a good option.
Do your homework and some searching, but if you are pressed for time and want to get More Info this try out the WordPress security plugin that I use. It is a relief to know that my website (and company!) are secure.