I’ve been testing pages and files on various sites of mine to make sure they always use HTTPS (not insecure HTTP).
WordPress sites turn out to have an annoying tendency to ignore the root’s .htaccess file in which you have added code to supposedly force all files and pages to use HTTPS.
If you don’t fix that, a URL to a WordPress post or page pasted into the browser address bar will open insecurely.
NOTE: Do not ignore what he says about your WordPress cache. I had to manually change an http: to https: in the settings for the WP Super Cache CDN. Before I did so, my blog was wrecked and unreadable!