When I was in college, one of my company instructors told us students that one of the greatest barriers to making money was procrastination.
Cloning, as it applies to fix wordpress malware attack, is the act of creating an exact copy of your WordPress install. What is good is that you can do it. There are a lot of reasons why you may want to do this. Here are only a few.
It all will start with the fundamentals. Try to use complex passwords. Use numbers, letters, special characters, and spaces and combine them to create a unique password. You could use usernames that are not obvious.
Yes, you need to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More. Definitely more, if you make regular additions and changes to your site. If you have a community of people which are in there all the time, or make changes multiple times every day, a backup should be a minimum.
Now we're getting into matters specific to WordPress. Whenever you install WordPress, you need to edit the document config-sample.php and rename it to config.php. You about his need to install the database information there.
Don't use wp_. Web hosting providers are currently removing that default but if yours does not, adjust wp_ to anything but that.