WordPress cloning, as it applies to how to fix hacked wordpress, is the act of making an exact copy of your WordPress install. What is great is that you can do it in just a couple clicks. There are a lot of reasons. Here are only a few.
You can search. It is easy to restore webpage your site with the use of your files and change if hackers abruptly hack your website.
Yes, you need to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More. If you make frequent additions and changes to your site, definitely more. If you make changes multiple times every day, or have a community of people which are in there all the time, a daily backup should be a minimum.
You can extend the plugin features with premium plugins such as: Amazon S3 plugin, Members only plugin, DropShop etc.. So I think this plugin is a fantastic choice and you can use it.
There is another problem you have with WordPress. People always know where they can login and they could just drop by your login form and try a different combination of passwords and user accounts outside. In order to stop this from happening you need to set up Login Lockdown. It's a plugin that allows users to attempt to login with a password three times. After that the IP address will be banned from the server for a specific timeframe.