What exactly is WordPress cloning and why is it a very useful tool to have in your webmaster's bag? Most people think that this is a dishonest technique for copying websites to garner more link traffic and love, and while that might have been true (and useful!) This is an entirely different endeavor.
My first step is not one you have to take but it helped me. I had a good old fashion pity party. I cried and railed against the evil hackers (that where probably 13 and smarter then me) And then I did what I should have done before I started my site. And here is where I want you to start. Learn how to protect yourself before you get hacked. The attractive thing about fix malware problems free and why so many of us recommend because it is so easy to learn, it is. Unfortunately, that can be a detriment to the health of our websites. We need to learn how to add a security fence.
Backup plug-ins is also important. You need to backup all the files and database you can get more bring back your blog like nothing happened.
Move your wp-config.php file up one directory from the WordPress root. WordPress will look for it there if it can't be found in the root directory. Additionally, nobody will have the ability to read the document unless they've FTP or SSH access to your server.
In addition to adding a secret key to your wp-config.php document, also consider changing your user password into something that's strong YOURURL.com and unique. WordPress will tell you the strength of your password, but a great idea is to avoid common phrases, use letters, and include amounts. It's also a good idea to change your password regularly - say once every six months.
However, I recommend that you install the Login LockDown plugin as opposed to any.htaccess controls. That will stops login requests from being allowed from a specific IP-ADDRESS for an hour or so after three failed login attempts. You can still access your cell while and yet you still have protection against hackers if you accomplish that.