Yes. On WordPress.com sites, all communication (done over xmlrpc.php) is by default using an encrypted connection via SSL.

For self-hosted WordPress sites with SSL enabled, WordPress 2.6.1 or later supports pointing the RSD information at the “https” version of xmlrpc.php. This creates an encrypted communication link with the app.

To ensure encrypted communication with your self-hosted WordPress site, follow these steps:

1. Enable SSL on your hosting server: Ensure that your hosting provider has SSL enabled for your site. You can check this by accessing your site via https://yoursite.com.
2. Update your WordPress settings:
   • Log in to your WP Admin.
   • Navigate to Settings → General.
   • Update the WordPress Address (URL) and Site Address (URL) to use https.
3. Verify the RSD information:
   • The RSD information should automatically point to the “https” version of xmlrpc.php. You can verify this by viewing the source code of your site’s homepage and searching for the xmlrpc.php link. Ensure it uses https.

If you need more help with SSL you can contact the hosting provider.