Cloning, as it applies to how to fix hacked wordpress, is the act of creating an exact replica of your WordPress install. What is good is that in just a couple clicks, you can do it with the right software. There are a number of reasons. Here are only a few.
Strong passwords - Do what you can to use a password, alpha-numeric, with upper and lower case and special characters. Easy to remember passwords are easy to guess!
There's a section of config-sample.php that's headed"Authentication Unique Homepage Keys." find more info There are four definitions that appear within the block. There's a hyperlink within that section of code. You need to enter that link into your browser, copy the contents that you return, and replace the keys you have with the unique, pseudo-random keys provided by the website. This makes it harder for attackers to automatically create a"logged-in" cookie for your site.
Phrases that were whitelists and black based on which field they appear within. (unknown/numeric parameters vs. known article bodies, remark bodies, etc.).
There is another problem you have with WordPress. People always know they could visit your login form and where they can login and try a different combination of passwords and user accounts outside. In order to prevent this from happening you want to set up Login Lockdown. It is a plugin that only allows users to attempt and login with a wrong password three times. Following that the IP address will be banned from the server for a specific amount of time.