Yes, if the WebSocket connection uses the
wss:// protocol, messages are encrypted using TLS/SSL, just like HTTPS. Unencrypted connections use ws:// and are not secure.
Encrypted (wss://)

   Protocol: WebSocket Secure (wss://)
   Encryption: Uses Transport Layer Security (TLS/SSL) for encryption, the same technology as HTTPS.
   Security: The connection is encrypted, making it unreadable to third parties and protecting against man-in-the-middle attacks.

Unencrypted (ws://)

   Protocol: WebSocket (ws://)
   Encryption: No encryption is used.
   Security: Data is transmitted in plaintext, making it vulnerable to being intercepted and read by anyone on the network.