WordPress has a configuration option that you can set to force administrative sessions to happen over an SSL connection (https). Just add define('FORCE_SSL_ADMIN', true); to your wp-config.php file and you’re set, as long as your web server supports https and it is configured properly. Of course, this means that you must have an SSL certificate for your server.
It turns out that if your SSL certificate is not trusted, attempts to use the Flash uploader to upload files will give you a cryptic “IO error” message. In my case, this I was using Firefox when I first encountered this. My SSL certificate is self-signed, and even though I added an exception for it in Firefox, the Flash uploader still fails.
Here’s what I learned about this problem after banging on it for a few days.