Cloning your site is just another degree in secure your wordpress site which may be useful. Cloning simply means that you have backed up your site to a completely different place, (offline, as in a folder, in order to not have SEO issues ) where you can access it in a moment's notice if the need arises.
The one I recommend, and the stronger approach, is to use one of the generation and storage plugins available for your browser. RoboForm is liked by many people, but use this link I think after a trial Go Here period, you have to pay for it. I use the free version of Lastpass, and I recommend it for those who use Internet Explorer or Firefox. That will generate secure passwords for you; then you use one master password to log in.
You need to create a new user with administrator rights before you can delete the default admin account. To do this go to your WordPress Dashboard and click on User -> Create New User. Enter all of the information you will need to enter.
Safety plug-ins that were all-Rounder can be considered as a complete security checker. They give you information concerning the probable weaknesses of the site and scan and check the site.
Those are three very simple things you can do to keep WordPress secure without plugins. Set a blank Index.html file in your folders, run your web host security scan and backup your entire account.