WordPress cloning, as it applies to fix wordpress malware, is the act of making an exact copy of your WordPress install. What's good is that in only a couple clicks, you can do it with the right software. There are a number of reasons. Here are just a few.
Don't make the mistake of thinking that your hosting company will have your back as far as WordPress copies go. Not always. It's been my experience that the hosting company may or may not be doing proper find out backups, while they say that they do. Take that kind of chance?
Keep your WordPress Installation up to date - One of the easiest and most valuable tasks you can do yourself is to ensure that your WordPress installation is upgraded. WordPress gives you a notice in your dashboard, so there is really no reason not to do this.
Black and whitelists phrases based on which area they appear within. (unknown/numeric parameters vs. known post bodies, comment bodies, etc.).
However, I advise that you set up the Login LockDown plugin instead of any.htaccess controls. Login requests will stop from being permitted after three unsuccessful login attempts from a certain IP address for one hour. You may still access your panel while and yet you have protection against hackers if you do so.