This information is straight out of an excellent post on CSS-Tricks about moving to HTTPS on WordPress, but the information is so valuable that I felt it bears repeating.
Source attributes for images within WordPress are fully qualified HTTP URLs. In order to eliminate the explosion of mixed content warnings, after a site has been migrated to HTTPS, run the following SQL statements to convert references to http://
to the protocol relative //
// image src in double quotes | |
UPDATE `wp_posts` | |
SET `post_content` = ( REPLACE (`post_content`, 'src="http://', 'src="//') ) | |
WHERE INSTR(`post_content`, 'jpeg') > 0 | |
OR INSTR(`post_content`, 'jpg') > 0 | |
OR INSTR(`post_content`, 'gif') > 0 | |
OR INSTR(`post_content`, 'png') > 0; | |
// image src in single quotes | |
UPDATE `wp_posts` | |
SET `post_content` = ( REPLACE (`post_content`, "src='http://", "src='//") ) | |
WHERE INSTR(`post_content`, 'jpeg') > 0 | |
OR INSTR(`post_content`, 'jpg') > 0 | |
OR INSTR(`post_content`, 'gif') > 0 | |
OR INSTR(`post_content`, 'png') > 0; |