WordPress announced on Reset the Net day that it would encrypt all of its wordpress.com subdomains with SSL by the end of 2014. The announcement came on the anniversary of the first news reports describing the depths of NSA surveillance. WordPress does not support HTTPS Strict, also known as HSTS, nor does it support STARTTLS. The EFF was unable to determine whether WordPress supports Perfect Forward Secrecy, or whether it encrypts data center links. Other large providers such as Amazon, Apple, AT&T, Comcast, Foursquare, LinkedIn and Verizon do not.
Source: https://threatpost.com/wordpress-promises-ssl-on-all-domains-by-end-of-2014/106513/