Title: Invalid Provider
Last modified: July 10, 2026

---

# Invalid Provider

 *  Resolved [alan](https://wordpress.org/support/users/f1alan/)
 * (@f1alan)
 * [6 days ago](https://wordpress.org/support/topic/invalid-provider-2/)
 * I’m currently on v3.1.1.2 and I tested v4.0.0 on our local mirror but got an “
   invalid provider” error. Currently on WordPress 7.0.0.
 * I was able to login once after the update but after choosing to keep the legacy
   UI, I logged out and logged in again and got the “invalid provider” error. I 
   tried switching to the new UI and that didn’t have the problem. I wasn’t confident
   enough to immediately move to the new UI so I have stayed on v3.1.1.2 for now.
 * Is there any explanation for this difference between UI modes?

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Plugin Support [Lucian Padureanu](https://wordpress.org/support/users/lucianwpwhite/)
 * (@lucianwpwhite)
 * [3 days, 8 hours ago](https://wordpress.org/support/topic/invalid-provider-2/#post-18963310)
 * Hello [@f1alan](https://wordpress.org/support/users/f1alan/) !
   That’s really 
   unexpected for sure. I wasn’t able to reproduce this behavior on my end, so I’d
   like to gather a bit more information to help us narrow it down.
 * Could you please let us know:
    - Which type of Passkey provider are you using (e.g. platform passkey such as
      Windows Hello, Touch ID, Face ID, or a security key such as YubiKey)?
    - Could you open your browser’s Developer Tools (F12), reproduce the issue, 
      and share any errors shown in the **Console** tab?
    - Are you using the native WordPress login page, or a custom login form/page?
      If it’s a custom login, does the same issue occur on the default WordPress
      login page as well?
    - Which PHP version is the site running?
    - Are you using a 2FA method along with the passkeys or just passkeys alone?
      Can you elaborate on the method used if that’s the case etc.
    - Finally, can you confirm which WP 2FA version you upgraded from before testing
      4.0.0?
 * Once we have this information, we’ll be in a much better position to investigate
   the cause of the “invalid provider” error.
 *  Thread Starter [alan](https://wordpress.org/support/users/f1alan/)
 * (@f1alan)
 * [3 days ago](https://wordpress.org/support/topic/invalid-provider-2/#post-18963891)
 * Thank you for your quick reply. Here are my answers to your questions.
    - Which type of Passkey provider are you using (e.g. platform passkey such as
      Windows Hello, Touch ID, Face ID, or a security key such as YubiKey)?
       * We don’t currently use Passkeys.
    - Could you open your browser’s Developer Tools (F12), reproduce the issue, 
      and share any errors shown in the **Console** tab?
       * All I see in the console is “/wp-login.php?action=validate_2fa 500 (Internal
         Server Error)”.
    - Are you using the native WordPress login page, or a custom login form/page?
      If it’s a custom login, does the same issue occur on the default WordPress
      login page as well?
       * We do use a custom login page and the WPS Hide Login plugin ([https://en-gb.wordpress.org/plugins/wps-hide-login](https://en-gb.wordpress.org/plugins/wps-hide-login)).
         However, I have been able to reproduce it with these disabled. We do have
         a lot of other plugins so there could be some conflict. One possibility
         is [https://en-gb.wordpress.org/plugins/wp-hide-security-enhancer](https://en-gb.wordpress.org/plugins/wp-hide-security-enhancer)
         but it is not so easy to disable for debugging.
    - Which PHP version is the site running?
       * This is on PHP 8.2.29.
    - Are you using a 2FA method along with the passkeys or just passkeys alone?
      Can you elaborate on the method used if that’s the case etc.
       * We only use the 6-digit 2FA method.
    - Finally, can you confirm which WP 2FA version you upgraded from before testing
      4.0.0?
       * 3.1.1.2
 * Some further information. The way that I have been reproducing the problem is
   to select the option to stick with the current UI that pops up after the initial
   upgrade. Whilst still logged into the dashboard, I tried changing to the new 
   UI from the plugin settings then I no longer get “invalid provider”, but I am
   not prompted for a 2FA code either. Also, I can’t re-enter the WP-2FA settings
   page after doing this (it just redirects to my user profile settings). The only
   way that I can successfully select the new UI is when I do it from the initial
   popup.
 *  Plugin Support [Lucian Padureanu](https://wordpress.org/support/users/lucianwpwhite/)
 * (@lucianwpwhite)
 * [3 days ago](https://wordpress.org/support/topic/invalid-provider-2/#post-18963898)
 * Hello [@f1alan](https://wordpress.org/support/users/f1alan/),
 * Thank you for the detailed answers, this helps a lot. The fact that you get “
   invalid provider” while only using TOTP method (and no passkeys at all) is exactly
   the odd part, and the 500 on `validate_2fa` tells us something is failing server
   side rather than in the browser.
 * You are describing two separate problems here (the “invalid provider” error on
   the legacy UI, and the new UI not prompting for 2FA plus the settings page redirecting
   to your profile), so let’s start with the first one and dig into that 500 error:
    1. Please enable debug logging by adding this to your wp-config.php:
 *     ```wp-block-code
       define( 'WP_DEBUG', true );
       define( 'WP_DEBUG_LOG', true );
       define( 'WP_DEBUG_DISPLAY', false );
       ```
   
    2. Reproduce the “invalid provider” error, then check `wp-content/debug.log` and
       paste the PHP error(s) logged at that moment. That 500 will have a fatal error
       or exception behind it, and that is the single most useful thing you can send
       us.
    3. A screenshot of the login screen at the moment “invalid provider” appears would
       also help, so we can see exactly where in the flow it happens.
    4. Does this happen for all users on the site, or just your account? And if you
       temporarily enable another 2FA method (for example email OTP) for a test user,
       does that method fail the same way, or is it only TOTP?
 * On the plugin conflict side, I agree wp-hide-security-enhancer is a reasonable
   suspect, since it rewrites login paths and filters exactly the kind of requests
   involved here. I understand it is not easy to disable, so let’s look at the debug.
   log first, as it may point us straight at the culprit without needing to touch
   it.
 * The new UI behaviour you describe (no 2FA prompt and the settings page redirecting
   to your profile) is also not expected, and the fact that it only works when selected
   from the initial popup is a really useful detail. 
   Let’s get to the bottom of
   the 500 first, since there is a fair chance the two share the same root cause.
 *  Thread Starter [alan](https://wordpress.org/support/users/f1alan/)
 * (@f1alan)
 * [2 days, 5 hours ago](https://wordpress.org/support/topic/invalid-provider-2/#post-18964587)
 * Hi [@lucianwpwhite](https://wordpress.org/support/users/lucianwpwhite/),
 * Thanks, the debugging tips that you provided were very helpful and I was able
   to pinpoint the issue on our server. The clue was in “/wp-content/plugins/wp-
   2fa/includes/classes/bacon/bacon-qr-code/src/Renderer/Image/SvgImageBackEnd.php”(
   lines 39-41) as it was looking for the XMLWriter class. The version of PHP on
   our local mirror was not built with –enable-xmlwriter. This became obvious when
   I created a test user and then couldn’t see the QR code to setup 2FA for it (
   as it needs XMLWriter to generate the image).
 * This has never been a problem as we haven’t needed to scan the QR code on this
   local server before – it is usually done on the live server and therefore already
   configured by time it is mirrored. However, I rebuilt PHP with –enable-xmlwriter
   and the problem is resolved.
 * Although I chose to keep the legacy UI, something must have changed as even though
   I didn’t have XMLWriter, it didn’t affect the login flow before. I don’t expect
   it will be a common issue but I hope this information is helpful. Edit: I tried
   to paste the error that I saw below for completeness but I don’t think it came
   through (it simply said “WP-2FA: Please contact the administrator for further
   assistance! Invalid provider.”).
 * ![](https://wordpress.org/c15bfd61-ced5-4e97-bc3b-19c8372e6f12)
    -  This reply was modified 2 days, 5 hours ago by [alan](https://wordpress.org/support/users/f1alan/).
    -  This reply was modified 2 days, 5 hours ago by [alan](https://wordpress.org/support/users/f1alan/).
 *  Plugin Support [Lucian Padureanu](https://wordpress.org/support/users/lucianwpwhite/)
 * (@lucianwpwhite)
 * [2 days, 2 hours ago](https://wordpress.org/support/topic/invalid-provider-2/#post-18964758)
 * Thank you so much for the feedback, [@f1alan](https://wordpress.org/support/users/f1alan/)!
   I’m really happy to hear everything is working again, and I’m confident this 
   conversation will help other users who might run into something similar.
 * It’s a bit unexpected what could have caused this, especially since nothing has
   changed on our end regarding passkeys. For now, we’ll treat it as an edge case
   and keep an eye out for any similar reports so we can investigate further if 
   needed.
 * I also wanted to thank you for all the time and effort you put into helping us
   debug this. The additional details you shared were extremely valuable, and we’ve
   noted everything down. We’ll do our best to improve the experience and prevent
   similar issues in future releases.
 * Finally, if you’ve been happy with both the plugin and the support you’ve received,
   we’d really appreciate it if you could leave us a review. It only takes a minute,
   and it genuinely helps us out:
 * [https://wordpress.org/support/plugin/wp-2fa/reviews/#new-post](https://wordpress.org/support/plugin/wp-2fa/reviews/#new-post)
 * Thanks again, and if you run into anything else, don’t hesitate to let us know!

Viewing 5 replies - 1 through 5 (of 5 total)

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Finvalid-provider-2%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this topic.

 * ![](https://ps.w.org/wp-2fa/assets/icon-256x256.png?rev=2961533)
 * [WP 2FA - Two-factor authentication for WordPress](https://wordpress.org/plugins/wp-2fa/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wp-2fa/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wp-2fa/)
 * [Active Topics](https://wordpress.org/support/plugin/wp-2fa/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wp-2fa/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wp-2fa/reviews/)

 * 5 replies
 * 2 participants
 * Last reply from: [Lucian Padureanu](https://wordpress.org/support/users/lucianwpwhite/)
 * Last activity: [2 days, 2 hours ago](https://wordpress.org/support/topic/invalid-provider-2/#post-18964758)
 * Status: resolved