Julian Kessel's Blog

If you want to get WordPress to support HTTPS without any unencrypted content being transferred to the client and included from the browser, you have to force WordPress to change the siteUrl depening on the request schema which comes from the client.
The basis for my small addition below is this post: https://prosauce.org/blog/2010/08/enable-complete-support-for-ssl-on-wordpress/
It explains how to do the changes described briefly above.

What’s still left is that for whatever reason, WP doesn’t make the pingback URL relative to the site_url we did set with the trick in the post, so we have to change that little line to in wp-includes/general-template.php to the following.

case 'pingback_url':
$output = /*get_option('siteurl') */ site_url().'/xmlrpc.php';
break;