Since scare tactics seem to be at least start considering the problem, or what drives some people to take fix wordpress malware fix a bit more seriously, allow me to shoot a couple of scare tactics your way.
No software system is resistant to bugs and vulnerabilities. Security holes will be discovered and guys will do their best to exploit them. Keeping your software up-to-date is a fantastic way to stave off attacks, once security holes read this article are found because their products will be fixed by software sellers that are reliable.
This is very handy plugin, protecting you against brute-force attacks that are password-crack. It keeps track of the IP address of every login attempt. You can configure the plugin to disable login attempts for a range of IP addresses when a certain number of attempts is reached.
So what's the best way to accomplish WordPress cloning? Out of all of the choices that are available right now, which one is right for you and which route should you choose?
There is. People know where they can login and additionally they could just visit with your login form and try outside a different combination of user accounts and passwords. In order to prevent this from happening you want to set up Login Lockdown. It's a plugin that only lets users attempt and login with a wrong password three times. After that the IP address will be banned from the server for a certain timeframe.