diff --git src/wp-includes/post.php src/wp-includes/post.php
index f97318e..4d201b3 100644
--- src/wp-includes/post.php
+++ src/wp-includes/post.php
@@ -4944,6 +4944,9 @@ function wp_get_attachment_url( $post_id = 0 ) {
 		$url = get_the_guid( $post->ID );
 	}
 
+	// Match the current scheme.
+	$url = set_url_scheme( $url );
+
 	/**
 	 * Filter the attachment URL.
 	 *
diff --git tests/phpunit/tests/post/attachments.php tests/phpunit/tests/post/attachments.php
index d079654..7c4fb06 100644
--- tests/phpunit/tests/post/attachments.php
+++ tests/phpunit/tests/post/attachments.php
@@ -278,4 +278,53 @@ class Tests_Post_Attachments extends WP_UnitTestCase {
 		$this->assertEquals( $attachment->post_parent, $post_id );
 	}
 
+	/**
+	 * @ticket 15928
+	 */
+	public function test_wp_get_attachment_with_https_off() {
+		$filename = ( DIR_TESTDATA . '/images/test-image.jpg' );
+		$contents = file_get_contents( $filename );
+
+		$upload = wp_upload_bits( basename( $filename ), null, $contents );
+		$this->assertTrue( empty( $upload['error'] ) );
+
+		// Set attachment ID
+		$attachment_id = $this->_make_attachment( $upload );
+
+		$is_ssl = is_ssl();
+		$_SERVER['HTTPS'] = 'off';
+
+		// Test that wp_get_attachemt_url returns with http scheme
+		$url = wp_get_attachment_url( $attachment_id );
+		$this->assertSame( $url, set_url_scheme( $url, 'http' ) );
+
+		// Cleanup
+		$_SERVER['HTTPS'] = $is_ssl ? 'on' : 'off';
+	}
+
+	/**
+	 * @ticket 15928
+	 */
+	public function test_wp_get_attachment_url_with_https_on() {
+		$filename = ( DIR_TESTDATA . '/images/test-image.jpg' );
+		$contents = file_get_contents( $filename );
+
+		$upload = wp_upload_bits( basename( $filename ), null, $contents );
+		$this->assertTrue( empty( $upload['error'] ) );
+
+		// Set attachment ID
+		$attachment_id = $this->_make_attachment( $upload );
+
+		$is_ssl = is_ssl();
+		$_SERVER['HTTPS'] = 'on';
+
+		// Test that wp_get_attachemt_url returns with https scheme
+		$url = wp_get_attachment_url( $attachment_id );
+		$this->assertSame( $url, set_url_scheme( $url, 'https' ) );
+
+		// Cleanup
+		$_SERVER['HTTPS'] = $is_ssl ? 'on' : 'off';
+	}
+
 }
+