Cloning your site is just another degree in fix wordpress malware scanner that may be useful. Cloning simply means that you've backed up your site to a completely different place, (offline, as in a folder, in order to not have SEO problems) where you can access it in a moment's notice if necessary.
There are numerous ways to pull this off, and many involve re-establishing databases and more and FTPing files, exporting and copying. Some of these are very complex, so it is imperative that you go for the one that is best. If you are not of the persuasion that is technical, then you might click this want to check into using a plugin for WordPress backups.
Exclude pages - This plugin adds a checkbox,"include this page in menus", which is checked by default. If you uncheck it, the page will not appear in any listings of webpages (which contains, and is usually restricted to, your page navigation menus).
Upgrade today if you're not currently running the latest version of WordPress. Similar to maintaining your door unlocked when you leave for vacation leaving your site in an old version is.
There is another problem you have with WordPress. People know where they can login and additionally they could just drop by with your login form and try out a different combination of passwords and user accounts. In order to prevent this from happening you need to set up Login Lockdown. It is a plugin that only lets users try and login with a password three times. Following that the IP address will be banned from the server for a certain amount of time.