Last year and a half taught us that WordPress security shouldn't be dismissed by any means. Between 15% and 20% of the planet's high traffic websites are powered by WordPress. The fact that it is an Open Source platform and everybody has access to its Source Code makes it a prey for hackers.
The fix hacked wordpress Codex has an outline of what permissions are okay. Directory and file permissions can be changed either via an FTP client or within the administrative page from your web host.
This is great news as it means that there's a community of users and developers who could further enhance the platform. However there's a significant group there will always be people who will try to take them down.
While it's an odd term, it represents a essential task: creating a WordPress copy of your website to work on offline, or in the event something should go amiss. We're not only being obsessive-compulsive here: servers go down every day, despite their promises of 99.9% uptime, and if you've had this happen to you, you know the fear is it can cause.
It's really sexy to fan the flames of fear. That's what bloggers and journalists and politicians and public figures do. It's terrific for readership and it brings money. Balderdash.
The plugin should be regularly updated have WordPress cloning, play nice and to stay current check that with the latest WordPress release and restore capabilities. The ability to clone your website (along with regular copies ) can be useful if you ever need to do an offline website redesign, among other things.