Are you using the public instance (meet.jit.si) or a self-installed instance? If it’s on the public instance, this is expected behavior. There’s no way of preventing guests from entering a room before the meeting host (or ‘moderator’) if they use the link provided first. The only way really to prevent guests from getting into the room before the ‘moderator’ is for the ‘moderator’ to get in much earlier and enable the lobby feature. Even then, if you use a password and you provide the password to guests beforehand, they will bypass the lobby completely. But at least, the moderator would already be in the room. Note also that everyone has moderator-level access on meet.jit.si.
Now, if you’re on your own installation and you implement secure domain, then no one can get into a room before the Moderator (because rooms do not exist until created and the authenticated user - a.k.a. moderator - would be the one to create the room).
P.S: Please refrain from tagging a person directly when you’re asking for help. This is a community forum with support provided by members of the community. Unless someone is already helping you on an issue, it’s burdensome to tag them with your issue. It really just creates an undue burden on like 3 or 4 individuals. Thanks for understanding.