The issue is that get_option(‘siteurl’) is not filtered using is_ssl() to ensure the proper URL scheme. This means that any plugin (or theme or whatever) that makes use of a defined URL will always reference http instead of properly switching to https, since the defined URLs are always based on WP_CONTENT_URL (such as WP_PLUGIN_URL).
The proper fix for this would be for WP to modify their ‘wp-includes/default-filters.php’ file to have the filter listed below, but for now the easiest thing for you to do is to paste the code below in to your wp-settings.php file, just above the first reference to “WP_CONTENT_URL” (which is line 390 in WP ver 2.9).
Search for:
if ( !defined('WP_CONTENT_URL') )
define( 'WP_CONTENT_URL', get_option('siteurl') . '/wp-content'); // full url - WP_CONTENT_DIR is defined further up
Replace with:
// Fix the URL root for SSL
function fix_ssl_siteurl($url) {
$scheme = (is_ssl() ? 'https' : 'http');
if(0 === strpos($url, 'http')) {
if(is_ssl())
$url = str_replace('http://', "{$scheme}://", $url);
}
return $url;
}
add_filter('option_siteurl', fix_ssl_siteurl);
add_filter('option_home', fix_ssl_siteurl);
if ( !defined('WP_CONTENT_URL') )
define( 'WP_CONTENT_URL', get_option('siteurl') . '/wp-content'); // full url - WP_CONTENT_DIR is defined further up
