Year and a half taught us that WordPress security should not be dismissed by any means. Between 15% and 20% of the planet's high traffic sites are powered by WordPress. The fact that it is an Open Source platform and everybody has access to its Source Code makes it a prey for hackers.
WordPress cloning, as it applies to rename your login url to secure your wordpress website, is the act of making an exact replica of your WordPress install. What is good is that with the right software, you can do it. There are a lot of reasons. Here are only a few.
This is great news because it useful source means that there's a strong community of users and developers that can enhance the platform. However, whenever there's a group there will always be people who will attempt to take them down.
1 thing you can take is to delete the default administrator account. This is critical because if you don't do it, a user name that they could try to crack is known by malicious user.
Phrases that were whitelists and black based on which field they appear inside, in a page request. (unknown/numeric parameters vs. known article bodies, remark bodies, etc.).
These are. Set a blank Index.html file in your folders, run your web host security scan and backup your entire account.