Cloning your website is just another level in fix wordpress malware attack that can be very useful. Cloning simply means that you've backed up your website to a totally different location, (offline, as in a folder, in order not to have SEO issues ) where you can get it at a moment's notice if the need arises.
Also, don't make the mistake of believing that your web host will have your back as far as WordPress copies go. Not always. While they say they do, it's been my experience that the hosting company may or might not be doing backups. Why take that kind of chance?
Maintain control of your online assets - Nothing is worse than getting your livelihood in the hands of somebody else. Why take chances with something as important as your website?
Now we are getting into matters. Whenever you install WordPress, you have to edit the file config-sample.php and rename it to config.php. You need to set up the database details there.
Do your homework and some hunting, but if you are pressed for time and need to get this done once and for all, try out the image source WordPress security plugin that I use. It's a relief to know that my site (and company!) are secure.