I’m not sure I would want to change the theme and do more harm than good… we have thousands of visitors every day.
I don’t know if you caught this earlier, but not all links generate a 403, some do, and some don’t. So does that mean there is something specific in the URL that’s causing this? What is certain is that BPS is behind it.
Can you look at our htaccess and tell us which are “BPS Query string exploits code” ? I would try this before anything else