Cloning your website is just another degree in repair hacked wordpress site that can be very useful. Cloning simply means that you have backed up your website to a completely different place, (offline, as in a folder, so as to not have SEO problems) where you can access it in a moment's notice if necessary.
I might find it a little harder to crack your password if you're among the ones that are proactive. But if you're among the reactive ones, I might get you.
Move your wp-config.php file one directory up from the WordPress root. WordPress will look for it there if it can't be found in the main directory. Additionally, nobody else will have the ability to read the document unless they have SSH or FTP access.
As I (our untrue Joe the Hacker) know, people have far too many usernames and passwords to remember. You've got Twitter, Facebook, your online banking, LinkedIn, two site logins, FTP, web hosting, etc. accounts that all come with logins and passwords you need to remember.
However, I recommend that you install the Login LockDown plugin instead of any.htaccess controls. This will stop login requests from being allowed from a specific IP address for one hour. You may still informative post get into your admin panel whilst away from your office, and yet you have good protection against hackers if you do so.