It's also important to change admin username and your password if someone needs admin username and your password to login to perform the job and helps you. Admin username and your password changes after all of the work is finished. Even if the man is trustworthy, someone in their company might not be. Better to be safe than sorry!
Cloning, as it applies to fix wordpress malware virus, is the act of creating an exact replica of your WordPress install. What's great is that with the correct software, you can do it. There are a lot of reasons. Here are only a few.
Do not depend on your Web host - Many people rely on their web host to"do all that technical stuff for me", not realizing that sometimesthey don't! Far better to have the responsibility lie rather than out of your control.
Exploit Scanner goes through the files on your website database, comment and post tables in search of anything suspicious. It also informs you for odd plugin visit site names. It doesn't remove anything, it simply warns you for possible threats.
Note that you should only try this last step for setups. You will also have to change the table names inside the database if you might like to do it for installations.
However, I recommend that you set up the Login LockDown plugin instead of any.htaccess controls. This will stop login requests from being allowed from a certain IP address for one hour. If you do so, you can still get into your admin panel whilst away from your workplace, and yet you have great protection against hackers.