Cloning your website is just another level in how to fix hacked wordpress site which may be useful. Cloning simply means that you have backed up your website to a completely different place, (offline, as in a folder, so as to not have SEO issues ) where you can get it at a moment's notice if necessary.
Truth is, if your own website is targeted by a capable master of this script, there is really no way to prevent an intrusion. Everything you are about to read below are a few precautionary actions you can take to quickly minimize the threat. Chances are a hacker would prefer choosing more easy victim, another if your WordPress site is well protected.
Yes, you want to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More, if possible. Definitely more, if you make changes and additions to your site. If you have a community of people which are in there all the time, or make changes multiple times every day, a backup should be a minimum.
Upgrade, if you're not currently running the latest official statement version of WordPress. Leaving your website is like maintaining your door unlocked when you leave for vacation.
However, I recommend that you set up the Login LockDown plugin instead of any.htaccess controls. That will stop login requests from being allowed from a certain IP address for one hour after three unsuccessful login attempts. You may still get into your admin panel whilst away from your office, and yet you still have good protection against hackers if you do so.