When I was in college, one of my company instructors told us students that one of the biggest hurdles to making money in business was procrastination.
Cloning your website is another degree in clean hacked wordpress site which can be useful. Cloning simply means that you've backed up your site to a totally different place, (offline, as in a folder, so as to not have SEO problems) where you can access it at a moment's notice if the need arises.
The one I recommend, and the approach, is to use one of the generation and storage plugins available for your browser. I think after a free trial period, you have to pay for it, although RoboForm is liked by people. I use the free version of Lastpass, and I recommend it for those who use Firefox or Internet Explorer. That will generate passwords for you; you then use one master password to log in.
Exclude pages - This plugin provides a checkbox,"include this page in menus", which is checked by default. If you uncheck it, the page will not appear in any listings of webpages (which includes, and is ordinarily limited to, your webpage navigation menus).
Install the WordPress Firewall Plugin. This plugin investigates web requests with heuristics to recognize and stop attacks that are most obvious.
Oh . And you can check here incidentally, I was talking about plugins. When you get a new plugin, make sure it's a secure one. Don't install any plugin because the owner is saying that plugin will allow you to do that or this. Maybe use maybe, or a test site to look at the plugin get a software engineer to examine it carefully. This way you'll know it isn't a threat for you or your business.