I’ve been looking into making a completely private WordPress blog and have found useful blogs/tutorials along the way that have helped, such as David Hewson’s pretty detailed walkthrough.

I currently have a system in place (online) that is nice and private and requires login credentials to access the blog. Herein lies the problem: I’m worried that if my web server is hacked in some way (I’m not going to be ignorant of the fact that this may occur) and my database is accessed, then all of my posts will be viewable – thus defeating all of the front-end privation work.

I’ve looked for pre-built solutions to encrypt the posts themselves but nothing exists yet. What I need is a helping hand in the right direction for writing a WordPress plugin, as I haven’t a clue where to start in relation to coding plugins in WordPress. Any help/tutorial links would be appreciated.

I do have quite extensive knowledge of PHP/MySQL, albeit not in the WordPress fashion of APIs etc.


As far as I know, what you ask is not really possible with WordPress (or any plain PHP app) alone. It is the same dilemma as with database credentials in WP – if FTP is hacked, then the hacker gets the database login/password from wp-config.php. It is impossible to protect those because WordPress (or any other PHP app, really) needs them for database access. Even if they are stored encrypted, at some point they will need to be decrypted.

Same thing with posts – even if you store encrypted posts in the database, at some point WordPress will need to decrypt them. If WordPress can decrypt them, then so can the person who hacked the account.

You can probably somehow separate the keys from the WordPress installation, but that is simply moving the issue around – now you still have to think about protecting the keys from being hacked/leaked; they are just in another place.
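The trade-off described in the answer above, as an added example that is not part of the original question or answer: post content is encrypted with a key kept outside the database, and the script then shows what a database-only leak exposes compared with a compromise of the web server itself. The function names, the key file location and the sample row are assumptions made for illustration; PHP's bundled sodium extension is assumed to be available.

```php
<?php
declare(strict_types=1);
// Added illustration: encrypt_post(), decrypt_post() and $keyFile are hypothetical names.

// Assumption: the key lives in a file outside the database (ideally outside the web root).
// A temp file stands in for it here so the script runs anywhere.
$keyFile = sys_get_temp_dir() . '/example-post.key';
file_put_contents($keyFile, sodium_crypto_secretbox_keygen());
chmod($keyFile, 0600);

function encrypt_post(string $plaintext, string $key): string
{
    // A fresh random nonce per post; it is not secret and is stored with the ciphertext.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $key));
}

function decrypt_post(string $stored, string $key): ?string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null; // not something encrypt_post() produced
    }
    $nonce  = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // Authenticated decryption: a wrong key or tampered data returns false.
    $plain = sodium_crypto_secretbox_open($cipher, $nonce, $key);
    return $plain === false ? null : $plain;
}

// Constructed sample row standing in for wp_posts.post_content.
$row = ['post_content' => encrypt_post('Private diary entry', file_get_contents($keyFile))];

// Case 1: only the database leaks (SQL dump, stolen backup).
// The holder has $row but not the key file, so decryption fails.
$withoutKey = decrypt_post($row['post_content'], sodium_crypto_secretbox_keygen());
echo 'Database only:   ', $withoutKey === null ? 'unreadable' : $withoutKey, PHP_EOL;

// Case 2: the web server is compromised. Whoever runs code as the PHP user
// can read the same key file WordPress reads, so the posts decrypt normally.
$withKey = decrypt_post($row['post_content'], file_get_contents($keyFile));
echo 'Server and key:  ', $withKey ?? 'unreadable', PHP_EOL;

unlink($keyFile);
```

Run with `php` on the command line. In a real plugin the key would be read once at load time, and any compromise that can execute PHP as the site's user still falls under the second case.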
