Adding passwords to your posts is not that hard. You could easly do so by changing the visibility of your posts. WordPress.org also has a ton of useful code snippets and information to show you ways you can password protect custom fields and other parts of your website. If you know your Apache or Nginx, you can play around with .htaccess or .conf files to password-protect your files and directories. Want an easier way to do this? These 2 plugins can help:
Hide My Site: protects your website from public with a single password. You can disable password protection at any time and choose how long users stay logged in.
Password Protected: this plugin password protects your entire website with a single password. It only protects your content though, so you will have to make changes to your .htaccess file to limit access to your images and uploaded files.
There are a few other plugins that do the very same job. You only need one. You really need to spend some time protecting various parts of your site through Apache or Nginx to make sure your sensitive content does not leak out by accident.