diff --git src/wp-includes/post.php src/wp-includes/post.php
index 39eb6a3..be1d71a 100644
--- src/wp-includes/post.php
+++ src/wp-includes/post.php
@@ -4946,6 +4946,23 @@ function wp_get_attachment_url( $post_id = 0 ) {
 		$url = get_the_guid( $post->ID );
 	}
 
+	// split the URL to see what scheme is being returned
+	list( $scheme, $path ) = explode( ':', $url, 2 );
+
+	// Force the url into an https scheme when we're in SSL and it is safe to do so
+	if ( is_ssl() && ($scheme = 'http') ) {
+
+		$ssl_url = 'https:' . $path;
+		$http = wp_remote_get( $ssl_url );
+
+		// if the HTTP request over SSL succeeds, use https
+		if ( ! is_wp_error( $http ) ) {
+			$scheme = 'https';
+		}
+	}
+
+	$url = set_url_scheme( $url, $scheme );
+
 	/**
 	 * Filter the attachment URL.
 	 *
diff --git tests/phpunit/tests/post/attachments.php tests/phpunit/tests/post/attachments.php
index d079654..bd72f22 100644
--- tests/phpunit/tests/post/attachments.php
+++ tests/phpunit/tests/post/attachments.php
@@ -278,4 +278,62 @@ class Tests_Post_Attachments extends WP_UnitTestCase {
 		$this->assertEquals( $attachment->post_parent, $post_id );
 	}
 
+	/**
+	 * @ticket 15928
+	 */
+	public function test_wp_get_attachment_with_https_off() {
+		$filename = ( DIR_TESTDATA . '/images/test-image.jpg' );
+		$contents = file_get_contents( $filename );
+
+		$upload = wp_upload_bits( basename( $filename ), null, $contents );
+		$this->assertTrue( empty( $upload['error'] ) );
+
+		// Set attachment ID
+		$attachment_id = $this->_make_attachment( $upload );
+
+		$is_ssl = is_ssl();
+		$_SERVER['HTTPS'] = 'off';
+
+		// Test that wp_get_attachemt_url returns with http scheme
+		$url = wp_get_attachment_url( $attachment_id );
+		$this->assertSame( set_url_scheme( $url, 'http' ), $url );
+
+		// Cleanup
+		$_SERVER['HTTPS'] = $is_ssl ? 'on' : 'off';
+	}
+
+	/**
+	 * @ticket 15928
+	 */
+	public function test_wp_get_attachment_url_with_https_on() {
+		$filename = ( DIR_TESTDATA . '/images/test-image.jpg' );
+		$contents = file_get_contents( $filename );
+
+		$upload = wp_upload_bits( basename( $filename ), null, $contents );
+		$this->assertTrue( empty( $upload['error'] ) );
+
+		// Set attachment ID
+		$attachment_id = $this->_make_attachment( $upload );
+
+		$is_ssl = is_ssl();
+		$_SERVER['HTTPS'] = 'on';
+
+		// test to make sure the site front can actually be loaded over SSL
+		$ssl_url = get_site_url( null, null, 'https' );
+		$http = wp_remote_get( $ssl_url );
+		
+		if ( is_wp_error( $http ) ) {
+			$scheme = 'http';
+		} else {
+			$scheme = 'https';
+		}
+
+		// Test that wp_get_attachemt_url returns with https scheme
+		$url = wp_get_attachment_url( $attachment_id );
+		$this->assertSame( set_url_scheme( $url, $scheme ), $url );
+
+		// Cleanup
+		$_SERVER['HTTPS'] = $is_ssl ? 'on' : 'off';
+	}
+
 }