Cloning your site is just another degree in how to fix hacked wordpress site that can be useful. Cloning simply means that you've backed up your website to a completely different location, (offline, as in a folder, so as not to have SEO issues ) where you can get it in a moment's notice if the need arises.
I might find it a little harder to crack your password if you're among the ones that are proactive. But if you're among the ones that are responsive, I might get you.
Luckily, keeping your WordPress site up-to-date is one of the most easy things you can do. For the last few versions, the ability to set up updates has been included by WordPress. A new update becomes available.
You may extend the plugin features with premium plugins like: Amazon S3 plugin, Members only plugin, DropShop etc.. I think this plugin is a good choice and you can use it.
However, I advise that you set up the Login LockDown plugin in place of any.htaccess controls. That will stop login requests from being permitted from a specific IP address for an hour after three failed login attempts. You can see this here still access your panel whilst away from your workplace, and yet you have good protection against hackers, if you do that.