Cloning your website is another level in how to fix hacked wordpress site that may be very useful. Cloning simply means that you've backed up your site to a completely different place, (offline, as in a folder, in order not to have SEO issues ) where you can access it in a moment's notice if necessary.
I protect an access to important files on the blog's server by putting an index.html file in the particular directory, which go hides the files from public view.
For me it's a WordPress plugin. They're drop dead easy to set up, have all the features you need for a task like this, and are relatively inexpensive, especially when compared to having to hire someone to have this done for you.
In addition to adding a secret key to your wp-config.php file, also consider changing your user password into something that's strong and unique. A good tip is to avoid common phrases, use letters, and include like it amounts, although you will be told the strength of your password by wordPress. It's also a good idea to change your password frequently - say once.
Do not use wp_ as a prefix for your databases. That default is being eliminated by web hosting providers but if yours doesn't, adjust wp_ to anything else but that.