For maximum security I'd like to implement data encryption in Craft CMS for all data stored in the database. So if it gets hacked the data is pretty much useless.
What's a way to accomplish this? Or is there any plugin that takes care of this? I found this one but it hasn't been updated in 3 years and only supports text-fields.
You might want to re-think/clarify your strategy here. :)
Is it only custom fields you want to encrypt? Or maybe only specific fields (not every custom one). Encrypting every bit of data (custom field or not) in a database has many drawbacks. And it doesn't make sense in most cases since 99% of the data in a Craft install usually isn't considered sensitive. i.e. What does it matter if someone that gets access to your database knows the asset ID for cat.jpg is 5?
Encryption/decryption requires a key to be stored somewhere, too. Encryption uses that key to encrypt the data and decryption uses it to decrypt the data. Chances are, if someone has access to your database, then there's a good chance they'll have access to that key as well. Because if Craft/PHP is the one doing the encryption/decryption, then the code will need to be able to read that key wherever it might be stored. And if PHP can read the key, then an attacker probably could as well.
The plugin you linked simply provides a single custom field type that will encrypt any data that is entered into it, but it has a design flaw in that the encryption key is actually stored in the database. So if the database is compromised, then it's trivial to decrypt the data.
MySQL has some native support for encryption/decryption at the field level where you have to pass in a key with those SQL queries, but that would probably need to be done in the context of a Craft plugin that was maintaining its own database tables.
