Optional Weblate modules

Weblate comes with several optional modules which might be useful for your setup.

Git exporter

New in version 2.10.

The Git exporter provides you read only access to the underlying Git repository using HTTP.


To install, simply add weblate.gitexport to installed applications in settings.py:


After installing, you need to migrate your database so that existing repositories are properly exported:

weblate migrate


The module automatically hooks into Weblate and sets exported repository URL in the Component configuration. The repositories are accessible under /git/ path of the Weblate, for example https://example.org/git/weblate/master/:

git clone 'https://example.org/git/weblate/master/'

Repositories are available anonymously unless Per project access control is enabled. In that case you need to authenticate using your API token (you can obtain it in your User profile):

git clone 'https://user:KEY@example.org/git/weblate/master/'


New in version 2.4.

Billing module is used on Hosted Weblate and is used to define billing plans, track invoices and usage limits.


To install, simply add weblate.billing to installed applications in settings.py:


This module includes additional database structures, to have them installed you should run the database migration:

weblate migrate


After installation you can control billing in the admin interface. Users with billing enabled will get new Billing tab in their User profile.

The billing module additionally allows project admins to create new projects and components without being superusers (see Adding translation projects and components). This is possible when following conditions are met:

  • The billing is in it’s configured limits (any overusage results in blocking of project/component creation) and paid (if it’s price is non zero)
  • The user is admin of existing project with billing or user is owner of billing (the latter is necessary when creating new billing for users to be able to import new projects).

Upon project creation user is able to choose which billing should be charged for the project in case he has access to more of them.


Weblate comes with built in support for showing user avatars based on e-mails. This can be disabled using ENABLE_AVATARS. The avatars are downloaded and cached server side to reduce information leaks to the sites serving them.

Weblate currently supports single backend:

Spam protection

Optionally Weblate can be protected against suggestion spamming by unauthenticated users through akismet.com service.

To enable this, you need to install akismet Python module and configure Akismet API key.

See also


Signing Git commits by GnuPG

New in version 3.1.

Weblate allows you to sign all commits by it’s GnuPG key. To configure this, you need to enable WEBLATE_GPG_IDENTITY. Weblate will generate GnuPG key when needed and will use it to sign all translation commits.

This feature needs GnuPG 2.1 or newer installed.

You can find the key in the DATA_DIR and the public key is shown on the about page:


Alternatively you can also import existing keys into Weblate, just set HOME=$DATA_DIR/home when invoking gpg.

Rate limiting

Changed in version 3.2: The rate limiting now accepts more fine grained configuration.

Several operations in Weblate are rate limited. At most RATELIMIT_ATTEMPTS attempts are allowed within RATELIMIT_WINDOW seconds. The user is then blocked for RATELIMIT_LOCKOUT. There are also per scope variants of those settings, for example RATELIMIT_CONTACT_ATTEMPTS or RATELIMIT_TRANSLATE_ATTEMPTS, see table below for full list of available scopes.

Following operations are subject to rate limiting:

Name Scope Allowed attempts Ratelimit window Lockout period
Registration REGISTRATION 5 300 600
Sending message to admins MESSAGE 5 300 600
Password authentication on login LOGIN 5 300 600
Sitewide search SEARCH 6 60 60
Translating TRANSLATE 30 60 600
Adding to glossary GLOSSARY 30 60 600

Additionally if there are more than AUTH_LOCK_ATTEMPTS failed authentication attempts on one account, this account password authentication is disabled and it’s not possible to login until user asks for password reset.

See also

Rate limiting

IP address for rate limiting

The rate limiting is based on client IP address. This is obtained from HTTP headers and you will have to change configuration in the event Weblate is running behind reverse proxy to work it properly.