This information is straight out of an excellent post on CSS-Tricks about moving to HTTPS on WordPress, but the information is so valuable that I felt it bears repeating.
Source attributes for images within WordPress are fully qualified HTTP URLs. In order to eliminate the explosion of mixed content warnings, after a site has been migrated to HTTPS, run the following SQL statements to convert references to http:// to the protocol relative //
| // image src in double quotes | |
| UPDATE `wp_posts` | |
| SET `post_content` = ( REPLACE (`post_content`, 'src="http://', 'src="//') ) | |
| WHERE INSTR(`post_content`, 'jpeg') > 0 | |
| OR INSTR(`post_content`, 'jpg') > 0 | |
| OR INSTR(`post_content`, 'gif') > 0 | |
| OR INSTR(`post_content`, 'png') > 0; | |
| // image src in single quotes | |
| UPDATE `wp_posts` | |
| SET `post_content` = ( REPLACE (`post_content`, "src='http://", "src='//") ) | |
| WHERE INSTR(`post_content`, 'jpeg') > 0 | |
| OR INSTR(`post_content`, 'jpg') > 0 | |
| OR INSTR(`post_content`, 'gif') > 0 | |
| OR INSTR(`post_content`, 'png') > 0; |