diff --git a/security/MemberLoginForm.php b/security/MemberLoginForm.php
index 88b6a7e97..6516eb091 100644
--- a/security/MemberLoginForm.php
+++ b/security/MemberLoginForm.php
@@ -67,21 +67,21 @@ class MemberLoginForm extends LoginForm {
 		}
 
 		if($checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists()) {
-			$fields = new FieldList(
-				new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this)
+			$fields = FieldList::create(
+				HiddenField::create("AuthenticationMethod", null, $this->authenticator_class, $this)
 			);
-			$actions = new FieldList(
-				new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else"))
+			$actions = FieldList::create(
+				FormAction::create("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else"))
 			);
 		} else {
 			if(!$fields) {
 				$label=singleton('Member')->fieldLabel(Member::config()->unique_identifier_field);
-				$fields = new FieldList(
-					new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this),
+				$fields = FieldList::create(
+					HiddenField::create("AuthenticationMethod", null, $this->authenticator_class, $this),
 					// Regardless of what the unique identifer field is (usually 'Email'), it will be held in the
 					// 'Email' value, below:
-					$emailField = new TextField("Email", $label, null, null, $this),
-					new PasswordField("Password", _t('Member.PASSWORD', 'Password'))
+					$emailField = TextField::create("Email", $label, null, null, $this),
+					PasswordField::create("Password", _t('Member.PASSWORD', 'Password'))
 				);
 				if(Security::config()->remember_username) {
 					$emailField->setValue(Session::get('SessionForms.MemberLoginForm.Email'));
@@ -91,16 +91,16 @@ class MemberLoginForm extends LoginForm {
 					$emailField->setAttribute('autocomplete', 'off');
 				}
 				if(Security::config()->autologin_enabled) {
-					$fields->push(new CheckboxField(
+					$fields->push(CheckboxField::create(
 						"Remember",
 						_t('Member.REMEMBERME', "Remember me next time?")
 					));
 				}
 			}
 			if(!$actions) {
-				$actions = new FieldList(
-					new FormAction('dologin', _t('Member.BUTTONLOGIN', "Log in")),
-					new LiteralField(
+				$actions = FieldList::create(
+					FormAction::create('dologin', _t('Member.BUTTONLOGIN', "Log in")),
+					LiteralField::create(
 						'forgotPassword',
 						'<p id="ForgotPassword"><a href="Security/lostpassword">'
 						. _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>'
@@ -110,7 +110,7 @@ class MemberLoginForm extends LoginForm {
 		}
 
 		if(isset($backURL)) {
-			$fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
+			$fields->push(HiddenField::create('BackURL', 'BackURL', $backURL));
 		}
 
 		// Reduce attack surface by enforcing POST requests
@@ -118,7 +118,7 @@ class MemberLoginForm extends LoginForm {
 
 		parent::__construct($controller, $name, $fields, $actions);
 
-		$this->setValidator(new RequiredFields('Email', 'Password'));
+		$this->setValidator(RequiredFields::create('Email', 'Password'));
 
 		// Focus on the email input when the page is loaded
 		$js = <<<JS
@@ -204,7 +204,7 @@ JS;
 			if(isset($_REQUEST['BackURL']) && $backURL = $_REQUEST['BackURL']) {
 				Session::set('BackURL', $backURL);
 			}
-			$cp = new ChangePasswordForm($this->controller, 'ChangePasswordForm');
+			$cp = ChangePasswordForm::create($this->controller, 'ChangePasswordForm');
 			$cp->sessionMessage(
 				_t('Member.PASSWORDEXPIRED', 'Your password has expired. Please choose a new one.'),
 				'good'