Gym and fitness studio WiFi — equipment and members

A boutique gym buying a single Peloton Bike+ in 2024 paid about $2,495 for the hardware and another roughly $44 a month for the All-Access Membership that unlocks the rides. Without a working network connection, that bike does almost nothing — the touchscreen sits on a sign-in screen, the leaderboard is empty, the on-demand library refuses to load, and the member who booked the 9am class stands next to it pressing the screen with a towel on their shoulder. The same is true for a Mirror, a Tonal, a Hydrow, a NordicTrack iFit treadmill, a Technogym Skillrun, and the half-dozen other connected machines a modern studio runs. Gym and fitness studio WiFi has stopped being an amenity for members' phones. It is now operating infrastructure for the equipment on the floor.

That double duty — phones in pockets and screens on machines — is the part most gyms get wrong. They print the network name and password on a laminated card behind the front desk, point to it when someone asks, and never think about it again. The card works in 2017. It does not work for a Peloton that needs to re-authenticate after a software update, for a member who wants to join the network before their 6am class without waking the desk staff, or for the floor manager who has to type a 16-character password into a stationary bike's on-screen keyboard while a queue builds behind them. There is a better setup. It costs almost nothing to ship and it pays back in a single quarter.

The two audiences a fitness-studio network actually serves#

Walk a studio floor at 7am and count the WiFi clients in the room. A 1,500-square-foot boutique studio with twelve connected machines and forty members in a class is running fifty-plus clients on the network at peak. The clients split into two populations with very different needs, and the WiFi handover for each population needs different handling.

Members on phones. The 6am class regular who wants their podcast on their Bluetooth earbuds, the parent who needs to keep an eye on a school pickup notification, the post-workout regular who's posting their split time to a friend. None of them want to ask. All of them remember whether or not you made it easy. The cost of getting this wrong is reputation — the kind of low-grade friction that shows up in a Google review six months later as "great trainers, terrible WiFi" without specifying what went wrong.

Connected equipment. The Peloton bike that needs the network to authenticate its rider, fetch their class history, and stream HD video for the next forty minutes. The Mirror that needs to download the workout the instructor selected before the class starts. The smart treadmill that pulls iFit content from the cloud. The Technogym console that uploads workout data to the operator's CRM. Equipment cannot tap "reveal password". Equipment cannot ask the front desk. Equipment hits a sign-in screen and either gets credentials handed to it correctly the first time or sits useless until someone with the right phone walks over.

The fix is not "make the password easier". It is to recognise that you are running two networks for two audiences with two different rotation schedules. Members get a guest network with credentials that can rotate monthly without anyone caring. Equipment gets its own SSID — sometimes the existing operator network, sometimes a dedicated "Equipment" SSID — that you never rotate without a planned maintenance window because every console on the floor depends on it. Mixing the two is the single most common mistake a studio owner makes when they bring an IT contractor in to "fix the WiFi", and it shows up as connected machines silently dropping off the network at 2am when the guest password rotates on a schedule.

What the equipment actually needs#

Each connected machine has a slightly different sign-in flow. The shape of the network they all need is the same — stable WPA2 or WPA3 personal credentials, on a 2.4GHz or 5GHz band depending on the machine, in a room with enough signal that the camera array on the front of the screen doesn't drop frames. The details matter once.

Peloton Bike, Bike+, Tread, Row. The hardware needs a 2.4GHz or 5GHz network with WPA2-Personal at minimum. Peloton's own setup documentation lists about 25 Mbps of download as the floor for HD video, with 5 Mbps the absolute minimum for SD fallback. The bikes do not handle WPA-Enterprise. They cannot get past a captive portal that asks them to tick a box. The screen will sit on "connecting" indefinitely if the network it's connecting to wants any handshake beyond a static password.

Mirror by lululemon. Same constraints — WPA2-Personal, no captive portals, no enterprise. Mirror specifies a 12 Mbps connection as the floor and recommends 25 Mbps for the live-class feature.

Tonal. Lists a 25 Mbps recommended minimum and supports both 2.4GHz and 5GHz on 802.11n or better. Same hard "no" on enterprise and captive portals.

Smart treadmills with iFit (NordicTrack, ProForm, FreeMotion). All need a residential-style network. The iFit support documentation explicitly notes that the consoles cannot complete the sign-in flow on captive-portal networks like those found in hotels or some commercial gyms.

Technogym Skillrun, Skillbike, Excite. Slightly more flexible — Technogym's commercial-tier consoles can speak WPA2-Enterprise in newer firmware revisions. The older ones (anything pre-2022) need WPA2-Personal like everything else.

The pattern is consistent enough to make planning easy. Equipment wants WPA2-Personal, stable credentials, no captive portal, and enough bandwidth that the video doesn't stutter. A 100/100 Mbps fibre line covers six to twelve connected machines comfortably with headroom for member phones; a 250 Mbps line is the floor for a studio running twenty-plus connected machines on a busy evening. Anything less and the support tickets start: "the bike froze halfway through my Tabata", "the screen is on, but I cannot log in".

The other thing equipment wants is a placement decision the IT person needs to make once. Connected bikes and rowers are heavy steel structures that sit on the floor and don't move. Put an access point above each cluster of three to six machines, on the ceiling, with a line of sight to the screen at the front of each bike. Do not rely on a single router in the office to push signal through four walls and a free-weight rack. The cost difference between three properly-placed ceiling access points and a single consumer router is about $400 in equipment plus a couple of hours of installation. The cost difference in member experience is the gap between "great gym" and "the bikes keep crashing".

Two SSIDs, two rotation schedules, no exceptions#

The argument for splitting the network into a guest SSID and an equipment SSID is operational, not theoretical. Member-facing credentials need to rotate. Equipment-facing credentials must not rotate without warning. Run them on one network and you cannot have both.

Member-facing rotation matters because of three things: staff turnover (a barista or front-desk worker leaving still has the credentials on their phone), credential leakage (a member screenshots the password and posts it in a WhatsApp group — and any photo of the locker-room card published anywhere leaks the printed WIFI: URI in plaintext for the same reason the WiFi QR code security post lays out), and routine hygiene. Once a month is a reasonable cadence for a busy studio. Quarterly is fine for a small one. The math is the same — every rotation, every printed table tent or locker card that hardcoded the password is suddenly wrong, every existing member's saved network now fails, and the front desk gets a queue of "WiFi's broken" questions for a week. The dynamic-page pattern explained in share without sharing and the dynamic WiFi QR codes piece makes this cost go to zero — the QR keeps working, the page serves the current credentials, the print run on the locker doors stays valid.

Equipment-facing rotation is a different problem entirely. A Peloton, a Mirror, a Tonal — each one stores the network credentials it joined with and reconnects automatically. If you rotate the equipment SSID at 2am because that's when the script runs, every console on the floor wakes up disconnected. Some of them will sit on a sign-in screen until staff manually re-enters the new password on each. That is a forty-minute job for ten machines and a tetchy operations manager who shows up to find half the floor unusable. The discipline is simple: schedule equipment-SSID rotations only inside a documented maintenance window, ideally during a closed period, with a checklist of every machine that needs to be re-authorised after the change.

Member credentials should be cheap to rotate. Equipment credentials should be cheap to keep stable. One network can do one of those well. Two networks can do both.

The hardware to run two SSIDs is not exotic. Any modern router or mesh system — Ubiquiti UniFi, TP-Link Omada, Aruba Instant On, even the consumer-grade Eero Pro — supports guest networks as a feature. The setup is a single configuration: name the network, set the password, choose which radios it broadcasts on, decide whether to enable client isolation. Twenty minutes of work, once, then it runs.

The branded WiFi page does three jobs for free#

The other half of this setup is the page the member's phone lands on after they scan the QR. The page is the surface that does the actual work of turning WiFi access into something that drives a measurable outcome — a class booking, a supplement signup, a member-referral click. Most studios skip this part entirely. They print a static WIFI:T:WPA;S:Studio_Guest;P:Spring2026;; QR on a card, the phone joins the network in three seconds, and that's it. End of interaction.

A branded WiFi page changes that ending. The same QR resolves to a URL on the studio's own subdomain — wifi.crossfitexample.com, say — which serves a hosted welcome page. The page does three things: reveals the password with a tap, copies it to clipboard with a second tap, and surfaces two or three onward links the member is statistically likely to want.

Which links? Three options that pay back. Class bookings. A "Book your next class" button that opens the studio's booking app — Mindbody, Wodify, Glofox, or whatever runs the schedule. A member sitting on the bench with their phone open at the end of class is the highest-intent moment they will have until they walk back in the door next week. Supplement upsell. A "Recover faster — shop our line" link if the studio sells protein, BCAAs, or anything else with margin. The bench-rest moment is when the protein decision gets made. The member-referral link. A "Bring a friend — get a month free" link that opens the studio's referral landing or copies a unique code to the member's clipboard.

All three of those clicks are measurable on the dashboard side. The studio operator can see how many members scanned, how many revealed the password, how many tapped through to the booking app, and how that varies by day-of-week and time-of-day. The point isn't surveillance. The point is to know whether the WiFi card is doing work or just sitting there. A page that drives twenty class bookings a month is a recruiter you do not have to pay. A page that drives zero is a print job you can fix in an afternoon.

The other reason the page matters is the URL preview shown on the phone before it opens. A QR that resolves to wifi.crossfitexample.com/guest reads as the studio you trust. A QR that resolves to qr-gen-server-22.somethingelse.io/?abc=def reads as a phishing attempt, and a non-trivial fraction of members will cancel the scan when they see it. The trust signal is in the domain on the URL, not in anything you can change on the print. The walkthrough lives in setting up a custom short-link domain, and the broader case in why your domain beats bit.ly.

Where to put the QR on the floor#

Hotels have the keycard sleeve. Cafés have the table card. A gym has a different geometry, and the placements that work are different.

Locker doors. The single best surface in most studios. A member scans the QR after they've changed and before they hit the floor — phone in hand, attention on the small magnetic plate at eye level, two seconds of dwell. The card stock is small, the print survives a year of bag-zips and elbows, and the surface is in front of every member every visit.

The class-check-in screen or front-desk card. A QR sticker on the iPad or laminated tent next to the check-in tablet. The member is already paying attention to that surface when they walk in; adding the QR there costs nothing.

On the bench or weight rack at the start of a circuit. A small vinyl or printed card stuck to the upright post of a piece of equipment. Slightly more weathered than a locker placement, but useful in a studio where members move through stations and might not have joined the network until they're already mid-floor.

In the welcome email for new sign-ups. The first email a new member gets, with a one-line "your studio WiFi is ready to join" and a QR they can scan from a different device. The QR feels small in email, but it works for the home-laptop-on-the-couch first scan before they ever walk in.

Bathroom mirror or door. The dressing-room mirror gets two minutes of staring per visit. Stick a small WiFi QR on the corner. Some studios go further and add a "How are you feeling today?" survey link next to it, with a small in-page form that feeds back to the staff. Skip the survey, keep the WiFi card — the bathroom QR is a backup, not a primary, but it picks up members who skipped the locker placement.

What does not work: large posters on the wall near the entry, vinyl decals on the floor (mopping kills them in six months), and any placement above seven feet of height (above eye level means it's never read). The free-weight area is also a non-starter — members are concentrating on their lift, sweating, and not in a mood to point a phone at anything.

The studio audit — score your own setup#

Drop your current setup into the checklist below. Tick what's done. The verdict updates with your score and points at the next gap. State persists in your browser so you can come back to it.

A score of four to six usually means the network is split correctly but the print is still static. Seven to nine means the print is right and the page is missing the conversion links. Ten means the studio has run the whole loop. Most independents start around three.

The franchise and multi-location case#

Independent studios run one router and one welcome page. Franchise networks — the F45 model, the Orangetheory model, the OneLife Fitness model — have a slightly harder problem because the brand is consistent across locations but the credentials, the booking link, and sometimes the local member-referral page are different per studio.

The pattern that works mirrors the multi-property hotel setup. A parent account at HQ owns the page template — brand colours, copy, the layout of the three onward links. Each location is a child record with its own SSID, password, booking-app URL, and local-referral link. The HQ team updates the template once and every location inherits the change. The local studio manager updates the password when their staff changes and only their location is affected. The platform-side framing of this same parent-and-child pattern is in why your QR code platform should also handle short links and the WiFi QR codes docs walk through the dashboard side. Studios running affiliate-style member referrals can stack the agency-tier branded QR pattern on top, which keeps each location's referral funnel measurable inside the same dashboard.

For franchise IT teams, the equipment side is its own problem. Each location's equipment SSID needs the same naming convention — Studio_Equipment_LocationCode is a reasonable pattern — so that when a piece of equipment is moved between locations, the network team knows where to send the credentials. Some chains run a single overlay SSID across all locations using a cloud-managed network controller (Meraki, UniFi Cloud Console). That works, but it has its own failure mode — if the controller goes down, every location's equipment loses sign-in capability simultaneously.

What the equipment vendors charge for "support"#

A gym calling Peloton's commercial-fitness support line in 2025 because the bikes will not authenticate gets a few options. The free path: a 30-minute phone diagnosis with a tier-one agent who will ask about the router, the password, and whether you tried turning it off and on again. Often that gets the bike back. Sometimes it does not. The paid path: a $150-$400 on-site visit from a Peloton-certified technician who will plug into the network from the bike's wired port and tell you the same thing — your WiFi is misconfigured.

The math is consistent across vendors. Mirror's commercial-tier support, Tonal's commercial support, Technogym's service plans — all of them treat network configuration as your problem, not theirs. The vendors will spec the network the equipment needs; they will not maintain it for you. A studio that runs the two-SSID split and the bandwidth math correctly never sees those support calls. A studio that runs everything on one consumer router has them as a routine line item.

The honest cost of a properly designed studio network — two SSIDs, three ceiling access points, a 250 Mbps line, the branded WiFi page running on a custom subdomain — is roughly $800 in equipment plus a couple of hundred a month in ISP fees. The cost of a single quarter of "the bikes keep dropping off" Google reviews, plus three vendor call-outs, plus the unmeasured churn from members who quietly moved to the studio down the street, is dramatically higher. The free WiFi QR code generator handles the page side; the general-purpose QR code generator covers the rest of the visual surface you'll inevitably need for class promo and supplement upsell.

Privacy, safety, and what to actually worry about#

Three real concerns worth designing against on a studio network. Member privacy first.

Member device privacy. A guest network with client isolation enabled means devices on the WiFi cannot see each other or the rest of the network. This matters more than most studio owners realise — a member running a slightly old laptop with a printer or file-share service exposed is otherwise visible to every other person on the network. Client isolation is one toggle on every modern router. Switch it on.

Equipment-side data privacy. Every connected machine uploads workout data to the vendor's cloud. That includes heart rate, workout duration, sometimes weight, sometimes biometric video. The studio is not the data controller for that flow — the vendor is — but the studio's WiFi terms-of-use page should note that members using connected equipment are subject to that vendor's privacy terms. The acceptable-use notice on the welcome page is the right place for the boilerplate. Keep it short, link to the relevant vendor terms, do not pretend the studio is the data controller for something it is not.

Sticker-overlay attacks on the QR. Someone walks into the studio, sticks a QR sticker over the legitimate one on a locker door, and the new code points at a phishing version of the page that captures device data. Defences: laminate the QR cards so a sticker peels obviously, run the page on a custom subdomain so the URL preview is the gym's domain (members can sense-check it), and rotate the print run every six to twelve months so any tampered surface gets replaced. The risk is real but small, and the cheapest mitigation is the laminate.

The broader hygiene around dynamic redirectors — admin two-factor on the dashboard, audit logs of who changed what, custom domains for trust — applies the same as on any other QR project. Nothing here is gym-specific.

What we ship for fitness studios#

The Linked.Codes designer covers everything described above as default behaviour. WiFi QR codes are dynamic — they encode a URL on the studio's custom domain that resolves to a welcome page the operator controls. The page template is editable from the dashboard with studio name, network name, password, and three onward links. Reveal-the-password and copy-to-clipboard are baked in. Franchise-style multi-location setups run from one parent account with child records per studio. Rotation is a single edit. Scan-to-click analytics show how many members clicked through to class bookings, supplements, or the referral page. The lifetime tier covers a single studio's needs without an ongoing fee; the pricing page shows the current figure if you want to size it against the cost of one Peloton call-out.

If you have been printing a static WIFI: URI on table tents and reprinting after every password rotation, the dynamic switch pays back in the first quarter. The first month's drop in front-desk "what's the WiFi" questions is the second smaller win. The class-booking clicks the welcome page drives — once you start measuring them — are the third, and they're the one that turns the WiFi card from a chore into an asset.