Can attacker circumvent a htaccess 'deny from all' command

I applied an htaccess file to the /administrator directory of a joomla website that is supposed to whitelist only my local ip address and my public ip address .

However, it appears that a new user account was created within that joomla account a couple of months after I applied the white list.

Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from 77.##.##.###

Can someone offer a theory on how this is possible?

Solution

Users can be created via front-end, even if you don't have a registration link or form there. Registration might be accessed by going to: index.php?option=com_users&view=registration

You can disable this option in Joomla back-end. To do so go to: System -> Global Configuration -> Users Manager and turn Allow User Registration to NO.

Hide vimeo user account logo on embedded videos
Expo AuthSession w/ Azure not returning to app
How to convert categorial raster to mapped RGB values in R?
Generating offline documentation for Spring projects
Setting OAuth scopes for Google Sheets add-on correctly
Any way to throttle calls to a specific API in Chrome DevTools while leaving others unthrottled?
VS Code not recognizing Jest, underlining with Intellisense
Obtain bundle identifier programmatically in Swift?
ASP.NET Required Field Validator and Compare Validator not working
How to determine a terminal's background color?
$_FILES['file']['tmp_name'] equivalents in C#
How can I define a dependency in Make if all files reside in different folders but with similar structure (language dependent)?
Installation appears to be corrupt [Unsupported] - Visual Studio Code
How to output fragmented mp4 with ffmpeg?
How to Check whether Session is Expired or not in asp.net
Using assertRaises without self in Python 3.6
How to Delete node_modules - Deep Nested Folder in Windows
Set a Date Object Java
Did C++20 change to allow conversion from array-of-known-bound `type(&)[N]` to array-of-unknown-bound `type(&)[]`?
calculate pearson correlation of each rows in 2D numpy array (n,m)
ASP.NET mvc auth or session expires quicker than set
How to see file history, stashes etc. on source control panel in VS Code
Git web development workflow, commit links to minified css and js?
Android not respecting meta tag removal via JavaScript
Bootstrap 5 / jQuery: is it possible to force bootstrap 5 to inject its jquery plugins immediately, not after DOMContentLoaded?
Which Python packages offer a stand-alone event system?
Is there a Javascript equivalent to Python's in conditional operator?
Use of specific target_country and country meta tags
meta in HTML run a hard refresh
Custom CSS Scrollbar for Firefox