I have this modest little database with information on keys and IP addresses; it's typically a large-scale version of what most developers do to keep trolls banned and such. I've recently gotten into a security kick because it's been doing a lot of security no-nos for over a year now, such as transmitting access passwords in plain text.
I'm looking for simple but effective methods to secure this connection to a reasonable level, and after a bit of brainstorming I came up with this method:
As it is now, queries are sent in plaintext, such as user=blah&pass=zki&action=dothis&parameter=bob, and my simple solution to this blatant disregard for security was to send the query as something like user=blah&completequery=[everything encrypted with the password]. Given there's no real way to determine if the source of the query was actually the user, I figured this'd add a reasonable amount of security because it'd take quite a while to guess what was used to encrypt the second parameter and in what form, as well as the system automatically banning IP addresses from connecting after X failed authentications.
Should I use this method, or does anyone have something better? I'm open to criticism because I'm a gigantic security noob, and any suggestions for better methods would be helpful (keep in mind I'm not trying to implement government-level mind-blowing security, just some basics to patch up some holes).
ID:277263
Dec 8 2006, 12:48 pm
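As an added example (not code from the post or its project), here is one way the "completequery" idea can be made to actually tell the server who sent the request: instead of encrypting the query with the password, the client derives a key from the password and attaches an HMAC over the user, action, parameters, a timestamp and a nonce, and the server checks the tag in constant time, refuses stale or replayed requests, and bans an IP after the post's X failed authentications. The field names user, completequery, action and parameter come from the post; the salt, the work factor, MAX_FAILURES and MAX_SKEW are constructed values.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qsl, urlencode

PBKDF2_ROUNDS = 50_000   # assumption: work factor for turning the password into a key
MAX_FAILURES = 5         # the post's "X failed authentications" before an IP is banned
MAX_SKEW = 60            # seconds a request timestamp stays acceptable

def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the shared password into a MAC key; the raw password never goes on the wire."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def sign(key: bytes, user: str, body: str) -> str:
    # The user name is bound into the tag so it cannot be moved to another account.
    return hmac.new(key, f"{user}&{body}".encode(), "sha256").hexdigest()

def build_request(user: str, key: bytes, action: str, params: dict, now: int) -> str:
    """Client side: action and parameters travel in 'completequery' with a timestamp and nonce."""
    body = urlencode({"action": action, **params, "ts": now, "nonce": secrets.token_hex(8)})
    return urlencode({"user": user, "completequery": body, "tag": sign(key, user, body)})

class Server:
    def __init__(self, keys: dict):
        self.keys = keys          # user -> derived key (store this, not the password)
        self.failures = {}        # ip -> consecutive failed authentications
        self.seen_nonces = {}     # nonce -> time it was first accepted

    def handle(self, raw: str, ip: str, now: int) -> str:
        if self.failures.get(ip, 0) >= MAX_FAILURES:
            return "banned"       # the automatic IP ban from the post
        q = dict(parse_qsl(raw))
        key = self.keys.get(q.get("user", ""))
        body, tag = q.get("completequery", ""), q.get("tag", "")
        fields = dict(parse_qsl(body))
        ts, nonce = fields.get("ts", ""), fields.get("nonce", "")
        fresh = ts.isdigit() and abs(now - int(ts)) <= MAX_SKEW and nonce != ""
        # compare_digest is constant-time, so a tag cannot be guessed byte by byte
        valid = key is not None and hmac.compare_digest(sign(key, q["user"], body), tag)
        # forget nonces older than the window, then refuse any nonce already accepted
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items() if now - t <= MAX_SKEW}
        if not (valid and fresh) or nonce in self.seen_nonces:
            self.failures[ip] = self.failures.get(ip, 0) + 1
            return "rejected"
        self.failures.pop(ip, None)
        self.seen_nonces[nonce] = now
        return fields.get("action", "")
```

A MAC proves the request came from someone holding the password and was not altered in transit, but the action and parameters are still readable on the wire; hiding them needs an encrypted transport on top of this.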
Dec 8 2006, 1:36 pm
You should implement RC5 or something; the completequery sounds good.