Cloning your website is just another degree in fix hacked wordpress database which may be very useful. Cloning simply means that you have backed up your site to a completely different place, (offline, as in a folder, so as not to have SEO problems) where you can access it at a moment's notice if necessary.
The more powerful approach, and the one I recommend, is to use one of the creation and storage plugins available on your browser. I think after a free trial period, you have to pay for it, although people like RoboForm. I use the free version of Lastpass, and I recommend it for those of you who use Internet Explorer or Firefox. That will generate passwords for you.
So what is the best solution you should pick? Out of all of the possible options you can make, which one should you choose and which one is right for you specifically now?
Now we are getting into matters. You have to rename it to config.php and modify the file config-sample.php, when you install WordPress. You will need to deploy the database facts there.
Do your homework and some hunting, but if you're pressed for time and want to get this try the WordPress security plugin that I use. It is click for info a relief to know that my site (and business!) are Web Site secure.