Optional Weblate modules

Weblate comes with several optional modules which might be useful for your setup.

Git exporter

New in version 2.10.

The Git exporter provides you read only access to the underlaying Git repository using http.


To install, simply add weblate.gitexport to installed applications in settings.py:


After installing, you need to migrate your database so that existing repositories are properly exported:

./manage.py migrate


The module automatically hooks into Weblate and sets exported repository URL in the Component configuration. The repositories are accessible under /git/ path of the Weblate, for example https://example.org/git/weblate/master/:

git clone 'https://example.org/git/weblate/master/'

Repositories are available anonymously unless Per project access control is enabled. In that case you need to authenticate using your API token (you can obtain it in your User profile):

git clone 'https://user:[email protected]/git/weblate/master/'


New in version 2.4.

Billing module is used on Hosted Weblate and is used to define billing plans, track invoices and usage limits.


To install, simply add weblate.billing to installed applications in settings.py:


This module includes additional database structures, to have them installed you should run the database migration:

./manage.py migrate


After installation you can control billing in the admin interface. Users with billing enabled will get new Billing tab in their User profile.


Weblate comes with built in support for showing user avatars based on emails. This can be disabled using ENABLE_AVATARS. The avatars are downloaded and cached server side to reduce information leaks to the sites serving them.

Weblate currently supports single backend:

Spam protection

Optionally Weblate can be protected against suggestion spamming by unauthenticated users through akismet.com service.

To enable this, you need to install akismet Python module and configure Akismet API key.

See also


Signing Git commits by GnuPG

New in version 3.1.

Weblate allows you to sign all commits by it’s GnuPG key. To configure this, you need to enable WEBLATE_GPG_IDENTITY. Weblate will generate GnuPG key when needed and will use it to sign all translation commits.

This feature needs GnuPG 2.1 or newer installed.

You can find the key in the DATA_DIR and the public key is shown on the about page:


Alternatively you can also import existing keys into Weblate, just set HOME=$DATA_DIR/home when invoking gpg.

Rate limiting

Changed in version 3.2: The rate limiting now accepts more fine grained configuration.

Several operations in Weblate are rate limited. At most RATELIMIT_ATTEMPTS attempts are allowed within RATELIMIT_WINDOW seconds. The user is then blocked for RATELIMIT_LOCKOUT. There are also per scope variants of those settings, eg. RATELIMIT_CONTACT_ATTEMPTS, see scopes below.

Following operations are subject to rate limiting:

  • Registration (REGISTRATION scope)
  • Sending message to admins (MESSAGE scope)
  • Password authentication on login (LOGIN scope)
  • Sitewide search (SEARCH scope)

Additionally if there are more than AUTH_LOCK_ATTEMPTS failed authentication attempts on one account, this account password authentication is disabled and it’s not possible to login until user asks for password reset.

IP address for rate limiting

The rate limiting is based on client IP address. This is obtained from HTTP headers and you will have to change configuration in the event Weblate is running behind reverse proxy to work it properly.