I’d previously written a post about forcing the WordPress Media button to insert protocol relative links when running a website as HTTPS-everywhere. Upon further research it turns out that doing so is no longer considered best practice. Paul Irish points out that for security reasons, if an asset is available over
https:// then it should be served that way.
Okay, so let’s revise that code a bit to force the WordPress media button to insert
https:// instead. Put the following code in either
functions.php or you own custom functions plugin: